Defect #19581: _redmine_session cookie security flaw - Redmine

Actions

Copy link

Defect #19581

closed

_redmine_session cookie security flaw

Added by Marcelo Dalmao over 9 years ago. Updated over 9 years ago.

Status:

Closed

Priority:

High

Assignee:

Category:

Accounts / authentication

Target version:

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Invalid

Affected version:

Description

Once logged in redmine , simply look for the cookie is generated and then use it to log in from another browser, without knowing your user name and password . It's a big security breach because anyone with access to copy the cookie , you can logging of that user without any approval of the person and without being detected.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #19581

_redmine_session cookie security flaw

Updated by Ieuan Jenkins over 9 years ago

Updated by Toshi MARUYAMA over 9 years ago

Updated by Marcelo Dalmao over 9 years ago

Updated by Toshi MARUYAMA over 9 years ago

Updated by Toshi MARUYAMA over 9 years ago

Updated by Jean-Philippe Lang over 9 years ago