BugTraq
Re: Joomla: Session hijacking vulnerability, CVE-2008-4122 Dec 18 2008 11:40AM
darkz gsa gmail com
Yes, I can reproduce this behavior. The application should reinitialize the cookie after the login but instead it will keep the previous cookie. An interesting thing this is valid only for the login_module, the administrator login page does not automatically redirect to HTTPS by configuration.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus