CVE Published: 29/05/2024
CVE Updated: 21/11/2024
CVE Year: 2024
Source: SEC-VLab
Vendor: Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany
Product: HAWKI
Status: PUBLISHED
CVE-2024-25977 Description
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.
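The weakness described above is the classic CWE-384 pattern: a token issued before authentication stays valid after it, so a token the attacker already knows becomes the victim's authenticated session. The following is an added example, not HAWKI's code and not part of the CVE record, that models a server-side session table in a few lines of Python and contrasts a login/logout flow that keeps the token (the vulnerable behaviour) with one that rotates it on login and destroys it on logout (the standard mitigation). The class and function names, and the scenario in `fixation_outcome`, are constructed for illustration.

```python
import secrets


class SessionStore:
    """Server-side session table: token (the cookie value) -> session data."""

    def __init__(self):
        self.sessions = {}

    def new_anonymous(self):
        """Issue a fresh, unpredictable token for a visitor who is not logged in."""
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": None}
        return token

    def user_for(self, token):
        """Return the user this token currently authenticates as (None if nobody)."""
        session = self.sessions.get(token)
        return session["user"] if session else None


class VulnerableAuth:
    """The pattern from the CVE description: login and logout keep the same token."""

    def __init__(self, store):
        self.store = store

    def login(self, token, user):
        # Password verification elided; the defect is that the pre-login
        # token survives and simply gets a user attached to it.
        self.store.sessions[token]["user"] = user
        return token

    def logout(self, token):
        # The token is de-authenticated but stays valid for the next login.
        self.store.sessions[token]["user"] = None
        return token


class HardenedAuth:
    """Mitigation: rotate the token on login, destroy it on logout."""

    def __init__(self, store):
        self.store = store

    def login(self, token, user):
        self.store.sessions.pop(token, None)       # old token can never become authenticated
        new_token = self.store.new_anonymous()     # fresh token only this browser receives
        self.store.sessions[new_token]["user"] = user
        return new_token                           # caller must set this as the new cookie

    def logout(self, token):
        self.store.sessions.pop(token, None)       # token is dead, not merely de-authenticated
        return self.store.new_anonymous()


def fixation_outcome(auth_class):
    """Replay the CVE scenario against an auth implementation.

    Constructed scenario: an ordinary anonymous token is planted in the
    victim's browser (via XSS in the CVE) and the victim then logs in from
    that browser. Returns (user the planted token now resolves to,
    whether login issued a different token).
    """
    store = SessionStore()
    auth = auth_class(store)
    planted = store.new_anonymous()                  # value known to whoever planted it
    victim_token = auth.login(planted, "victim")     # victim's browser sends the planted token
    return store.user_for(planted), victim_token != planted


if __name__ == "__main__":
    print("vulnerable:", fixation_outcome(VulnerableAuth))   # ('victim', False)
    print("hardened:  ", fixation_outcome(HardenedAuth))     # (None, True)
```

The detection-side takeaway is the same check the example encodes: the session cookie value observed before a successful login must differ from the one observed after it, and a token must stop resolving to any session after logout. Most web frameworks expose this as a "regenerate session ID" call to be invoked immediately after credentials are verified.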
CWE-ID: CWE-384
CWE Name: Session Fixation
Source: Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany
Common Attack Pattern Enumeration and Classification (CAPEC)