Open akoul opened 8 years ago
Do you have credit/bounty program for reporting security vulnerabilities?
No sorry. If I could afford it, I would.
Please give appropriate credits for reporting this. Do let me know if you need any information from my side.
Thanks for this!
fcms 3.6.2 is vulnerable to Session Fixation. The app does not change the session ID (PHPSESSID) after successful authentication. Also, the app accepts a user-set session ID. This could allow an attacker to force a user to log in using the attacker's session ID. Once the user logs in, the attacker can then use the same session ID to gain access to the user's account.
Reference - https://www.owasp.org/index.php/Session_fixation
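The mitigation for the behaviour reported above, as an added PHP example (not code from fcms): refuse session IDs the server never issued and regenerate the ID at the moment of login. `check_credentials()` and the inline user table are constructed for illustration only.

```php
<?php
// Added illustration, not fcms code: a login path hardened against session
// fixation. Assumes PHP 7.3+ for the array form of session_set_cookie_params().

// Without strict mode PHP adopts any PHPSESSID value the client presents,
// which is what lets an attacker choose the ID before the victim logs in.
ini_set('session.use_strict_mode', '1');

// Keep the cookie away from scripts and off plain HTTP.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Constructed stand-in for a user store: username => password hash.
$USERS = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

// Hypothetical helper: returns the username on success, null otherwise.
function check_credentials(array $users, string $username, string $password): ?string
{
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return null;
    }
    return $username;
}

function login(array $users, string $username, string $password): bool
{
    $user = check_credentials($users, $username, $password);
    if ($user === null) {
        return false;
    }
    // Privilege level changes here, so issue a fresh ID and delete the old
    // session data. Any ID fixed before this point no longer maps to a login.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['authenticated_at'] = time();
    return true;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}
```

Regenerating the ID on every privilege change (login, role switch) and destroying the session on logout are the two checks a reviewer would look for when verifying the fix.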
There is a $15 open bounty on this issue.