Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V3 - Session Management

Session Fixation for the Same Account

POC

  1. Log in as userA and note the session ID the application issues (for example, the value of the session cookie).
  2. Log out, then log in as userA again and compare: the session ID is unchanged. A correctly behaving application destroys the session on logout and issues a new session ID on every login, so the value observed in step 1 should no longer be valid, let alone reappear.
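
To make the two steps above repeatable, here is an added example (not Cobalt's code and not from the original page) that performs the login, logout, login sequence with Python's standard library and compares the session IDs. Because it has to run offline, it targets a small in-process toy application whose paths (`/login`, `/logout`), cookie name (`sid`) and username (`userA`) are assumptions. The toy app runs either in a vulnerable mode that reproduces the finding, or in a fixed mode that rotates the session ID at login and destroys it at logout, so the checker can be seen to tell the two apart.

```python
"""Session-fixation check: log in, log out, log in again and compare session IDs.
Toy app and client are constructed for this example; paths and names are assumed."""
import http.cookies
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import Request, urlopen

SESSIONS = {}  # server-side state: sid -> username (None = not authenticated)


def _new_session(user):
    sid = secrets.token_urlsafe(16)  # 128 random bits, not guessable
    SESSIONS[sid] = user
    return sid


class ToyApp(BaseHTTPRequestHandler):
    """regenerate_on_login=False reproduces the page's finding; True is the fix."""
    regenerate_on_login = False

    def log_message(self, *args):  # silence per-request logging
        pass

    def _sid(self):
        jar = http.cookies.SimpleCookie(self.headers.get("Cookie", ""))
        sid = jar["sid"].value if "sid" in jar else None
        return sid if sid in SESSIONS else None  # unknown cookies are ignored

    def _reply(self, sid, body):
        self.send_response(200)
        self.send_header("Set-Cookie", f"sid={sid}; HttpOnly; Path=/")
        self.end_headers()
        self.wfile.write(body.encode())

    def do_GET(self):
        sid = self._sid() or _new_session(None)  # hand out a pre-auth session
        self._reply(sid, SESSIONS[sid] or "anonymous")

    def do_POST(self):
        sid = self._sid()
        user = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        if self.path == "/login":
            if sid is not None and not self.regenerate_on_login:
                SESSIONS[sid] = user          # vulnerable: old SID becomes authenticated
            else:
                SESSIONS.pop(sid, None)       # fixed: drop the pre-auth SID ...
                sid = _new_session(user)      # ... and issue a fresh one at login
        elif self.path == "/logout":
            if sid is not None and not self.regenerate_on_login:
                SESSIONS[sid] = None          # vulnerable: same SID survives logout
            else:
                SESSIONS.pop(sid, None)       # fixed: destroy the session server-side
                sid = _new_session(None)
        self._reply(sid, "ok")


def _call(base, path, cookie=None, data=None):
    """One request to the app; returns the session ID it set in its response."""
    req = Request(base + path, data=data, method="POST" if data is not None else "GET")
    if cookie:
        req.add_header("Cookie", f"sid={cookie}")
    with urlopen(req) as resp:
        resp.read()
        jar = http.cookies.SimpleCookie(resp.headers.get("Set-Cookie", ""))
        return jar["sid"].value


def relogin_session_ids(base, user="userA"):
    """The PoC from the page: (pre-auth SID, SID after login, SID after logout+login)."""
    sid_pre = _call(base, "/")
    sid_login1 = _call(base, "/login", sid_pre, user.encode())
    sid_logout = _call(base, "/logout", sid_login1, b"")
    sid_login2 = _call(base, "/login", sid_logout, user.encode())
    return sid_pre, sid_login1, sid_login2


def is_vulnerable(base):
    """True if the SID is not rotated at login or is unchanged across logout+login."""
    sid_pre, sid_login1, sid_login2 = relogin_session_ids(base)
    return sid_login1 == sid_pre or sid_login2 == sid_login1


def check(regenerate_on_login):
    """Run the toy app on an ephemeral port in the given mode and test it."""
    app = type("App", (ToyApp,), {"regenerate_on_login": regenerate_on_login})
    srv = HTTPServer(("127.0.0.1", 0), app)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return is_vulnerable(f"http://127.0.0.1:{srv.server_port}")
    finally:
        srv.shutdown()


if __name__ == "__main__":
    print("vulnerable mode flagged:", check(regenerate_on_login=False))  # True
    print("fixed mode flagged:     ", check(regenerate_on_login=True))   # False
```

Against a real target, point `_call` at the application's base URL and adapt it to the real login request and cookie name; the comparison in `is_vulnerable` stays the same. Rotating the ID at login, not only destroying it at logout, is the part that defeats fixation: any ID the attacker planted or captured before the victim authenticated is worthless once the application refuses to promote it.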

Impact

Medium

Likelihood

Low (the attacker must first obtain a valid session ID, either by stealing, brute-forcing or guessing it, or, in the classic fixation scenario, by planting a known ID in the victim's browser before the victim logs in)