Session Fixation in agentejo/cockpit (Valid)
Sep 4th 2021
A malicious actor with access to the computer can read the loaded site's actual session identifier value from the stored cookie. Because this value does not change upon login, the attacker can gain access via session hijacking once the target logs in on the compromised computer.
🕵️‍♂️ Proof of Concept
1. Open the website in incognito mode to make sure you don't have any live session.
2. Obtain the session identifier value from the cookie.
3. Initiate a login with a valid user.
4. Obtain the session identifier value again from the cookie.
The value is the same before and after the login.
Upon a successful attack, the malicious actor is able to hijack the user's session, which results in total compromise of the target's account.
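The before/after comparison from the proof of concept can be turned into a regression check. The following is an added example, not code from Cockpit or from the original report: it models a server-side session table in memory and runs the four steps against a login handler that keeps the pre-login identifier and against one that rotates it. All class and function names are hypothetical.

```python
import secrets


class SessionStore:
    """In-memory session table (constructed model, not Cockpit's session code)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def rotate(self, old_sid):
        # Move the session data to a fresh identifier and invalidate the old one.
        data = self._sessions.pop(old_sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def login_fixed_id(store, sid, user):
    """Behaviour described in the report: the pre-login identifier is kept."""
    store.get(sid)["user"] = user
    return sid


def login_rotating(store, sid, user):
    """Hardened handler: a new identifier is issued at the privilege change."""
    new_sid = store.rotate(sid)
    store.get(new_sid)["user"] = user
    return new_sid


def check_login(login_handler):
    """Repeat the four steps and report what the pre-login identifier maps to."""
    store = SessionStore()
    before = store.create()                        # steps 1-2: anonymous visit
    after = login_handler(store, before, "alice")  # step 3: login (sample user)
    old = store.get(before)                        # step 4: re-check the old id
    return {
        "id_unchanged": before == after,
        "old_id_authenticated": bool(old and old["user"]),
    }
```

A login flow passes the check only when both fields are false, meaning the identifier seen before login is neither reused nor still valid afterwards.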