ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Vulnerability scanner reports session fixation vulnerability for ICDx 1.4
Article ID: 208792
Updated On:
Products
ICDx
Issue/Introduction
A vulnerabillity scan of the ICDx web GUI reports a session fixation vulnerability.
Session fixation allows an attacker to impersonate a user by abusing an authenticated session ID (SID). This attack can occur when a web application:
- Fails to supply a new, unique SID to a user following a successful authentication
- Allows a user to provide the SID to be used after authenticating
Cause
This is a false positive.
Environment
Release : 1.4
Component : ICDx
Resolution
This is a false positive likely resulting from the structure of the session ID generated by the ICDx web GUI. All logins generate a unique token and alternate session tokens supplied by the client will not be accepted.
Feedback
Yes
No
Powered by
