Session Fixation in agentejo/cockpit
Reported on
Sep 4th 2021
✍️ Description
A malicious actor with access to the computer can read the loaded site's actual session identifier value from the stored cookie. Because this value does not change upon login, the attacker can gain access via session hijacking when the target logs in on the compromised computer.
🕵️‍♂️ Proof of Concept
1. Open the website in incognito mode to make sure you don't have any live session.
2. Obtain the session identifier value from the cookie.
3. Initiate a login with a valid user.
4. Obtain the session identifier value again from the cookie.
The value is the same before and after the login.
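
The same four-step comparison can be kept as a regression check. The sketch below is an added example, not code from Cockpit or from the report: `SessionStore`, `rotate_on_login` and `fixation_check` are hypothetical names, and the store is a constructed in-memory model that shows the behaviour described above next to a login that rotates the identifier.

```python
import secrets


class SessionStore:
    """Constructed in-memory model of a server-side session table."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> session data

    def start(self):
        # Anonymous visit: the site issues an id before any login.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        # Credential checking is out of scope; assume it already succeeded.
        if self.rotate_on_login:
            # Hardened: invalidate the pre-login id, continue under a fresh one.
            data = self.sessions.pop(sid, {})
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = data
        self.sessions.setdefault(sid, {})["user"] = user
        return sid  # value the server puts in the cookie after login

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def fixation_check(store, user="alice"):
    """Repeat the steps: read the id, log in, read the id again, compare."""
    before = store.start()
    after = store.login(before, user)
    return {
        "id_unchanged": before == after,
        # True means whoever knows the pre-login id now holds a logged-in session.
        "old_id_authenticated": store.user_for(before) == user,
    }


if __name__ == "__main__":
    print("no rotation:", fixation_check(SessionStore(rotate_on_login=False)))
    print("rotation:   ", fixation_check(SessionStore(rotate_on_login=True)))
```

In a PHP application the rotation step corresponds to calling `session_regenerate_id(true)` once authentication has succeeded.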
💥 Impact
Upon a successful attack, the malicious actor is able to hijack the user's session, which causes total compromise of the target's account.