Session Fixation in agentejo/cockpit

Valid

Reported on Sep 4th 2021


✍️ Description

A malicious actor with access to the computer can read the loaded site's current session identifier from the stored cookie. Because this value does not change upon login, the attacker can gain access via session hijacking once the target logs in on the compromised computer.

🕵️‍♂️ Proof of Concept

  1. Open the website in incognito mode to make sure you don't have any live session.

  2. Obtain the session identifier value from the cookie.

  3. Initiate a login with a valid user.

  4. Obtain the session identifier value again from the cookie.

The value is the same before and after the login.

💥 Impact

Upon a successful attack, the malicious actor is able to hijack the user's session, which results in total compromise of the target's account.
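
The proof-of-concept steps above, replayed as a regression check against a session store with and without identifier rotation on login. This is an added example, not part of the original report and not Cockpit's code; `SessionStore`, `replay_poc` and the user name are constructed for illustration.

```python
import secrets


class SessionStore:
    """Simplified in-memory session handling (constructed model, not Cockpit's code)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> session data

    def visit(self, sid=None):
        """Anonymous request: keep a known session id, otherwise issue a new one."""
        if sid not in self.sessions:
            sid = secrets.token_hex(16)
            self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Authenticate the session; returns the id the client holds afterwards."""
        sid = self.visit(sid)
        if self.rotate_on_login:
            # Hardened: drop the pre-login id and move the data to a fresh one.
            data = self.sessions.pop(sid)
            sid = secrets.token_hex(16)
            self.sessions[sid] = data
        self.sessions[sid]["user"] = user
        return sid

    def whoami(self, sid):
        """User bound to a session id, or None if unknown or anonymous."""
        return self.sessions.get(sid, {}).get("user")


def replay_poc(store, user="alice"):
    """Steps 1-4 of the report: compare the session id before and after login."""
    before = store.visit()             # steps 1-2: fresh session, note the id
    after = store.login(before, user)  # steps 3-4: log in, note the id again
    return {
        "id_unchanged": before == after,
        "old_id_authenticated": store.whoami(before) == user,
    }


if __name__ == "__main__":
    print("no rotation:", replay_poc(SessionStore(rotate_on_login=False)))
    print("rotation:   ", replay_poc(SessionStore(rotate_on_login=True)))
```

In PHP, the language Cockpit is written in, the built-in counterpart of the rotation step is `session_regenerate_id(true)` called once authentication succeeds.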

We created a GitHub Issue asking the maintainers to create a SECURITY.md 3 months ago
Ziding Zhang
3 months ago

Admin


Hey gergelykis, I've just contacted the repo maintainer for you.

We have contacted a member of the agentejo/cockpit team and are waiting to hear back 3 months ago
Artur validated this vulnerability 2 months ago
TheLabda has been awarded the disclosure bounty
The fix bounty is now up for grabs
Artur confirmed that a fix has been merged on 0c6628 2 months ago
Artur has been awarded the fix bounty