wwesleyalves / bodgeit


CX Session_Fixation @ root/logout.jsp [main] #14

Open wwesleyalves opened 1 year ago

wwesleyalves commented 1 year ago

Session_Fixation issue exists @ root/logout.jsp in branch main

Method session.setAttribute at line 3 of root\logout.jsp performs user authentication without terminating existing sessions. This may enable Session Fixation. Similarity ID: -760134284

Method session.setAttribute at line 4 of root\logout.jsp performs user authentication without terminating existing sessions. This may enable Session Fixation. Similarity ID: 401320756

Method session.setAttribute at line 5 of root\logout.jsp performs user authentication without terminating existing sessions. This may enable Session Fixation. Similarity ID: -1231961228

Severity: Medium

CWE:384

Lines: 3 4 5


Code (Line #3):

session.setAttribute("username", null);

Code (Line #4):

session.setAttribute("usertype", null);

Code (Line #5):

session.setAttribute("userid", null);

wwesleyalves commented 1 year ago

Issue still exists.

wwesleyalves commented 1 year ago

Issue still exists.

wwesleyalves commented 1 year ago

Issue still exists.