[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality

Posted by RedTeam Pentesting GmbH on Dec 22

Advisory: Symfony PHP Framework: Session Fixation In “Remember Me” Login
Functionality

A session fixation vulnerability within the Symfony web application
framework’s “Remember Me” login functionality allows an attacker to
impersonate the victim towards the web application if the session ID
value was previously known to the attacker.

Details
=======

Product: Symfony
Affected Versions: 2.3.0 to 2.3.34, 2.6.0 -…
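
Added example, not part of the advisory and not Symfony's code: plain PHP showing the general session-fixation pattern in a remember-me login beside a hardened variant that issues a new session ID when the user is authenticated. The helper names, the token store and the sample token are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: map a remember-me cookie value to a user name, or null.
function userForRememberMeToken(string $token, array $store): ?string
{
    foreach ($store as $user => $tokenHash) {
        // Constant-time comparison against the stored hash of the token.
        if (hash_equals($tokenHash, hash('sha256', $token))) {
            return $user;
        }
    }
    return null;
}

// General fixation pattern: the pre-login session ID survives authentication.
function rememberMeLoginKeepingSessionId(string $token, array $store): bool
{
    $user = userForRememberMeToken($token, $store);
    if ($user === null) {
        return false;
    }
    $_SESSION['user'] = $user; // same ID: whoever knew it now shares the login
    return true;
}

// Hardened variant: issue a fresh session ID when the privilege level changes.
function rememberMeLoginWithFreshSessionId(string $token, array $store): bool
{
    $user = userForRememberMeToken($token, $store);
    if ($user === null) {
        return false;
    }
    session_regenerate_id(true); // new ID; the old session is deleted
    $_SESSION['user'] = $user;
    return true;
}

// Constructed demo for the PHP CLI (no cookie header is sent).
ini_set('session.use_cookies', '0');
$store = ['alice' => hash('sha256', 'constructed-sample-token')];
session_start();
$before = session_id();
rememberMeLoginKeepingSessionId('constructed-sample-token', $store);
$keptId = ($before === session_id());
rememberMeLoginWithFreshSessionId('constructed-sample-token', $store);
$freshId = ($before !== session_id());
printf("ID kept by first login: %s\n", var_export($keptId, true));
printf("ID replaced by hardened login: %s\n", var_export($freshId, true));
```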
