CVE-2018-16495


Summary:

In VOS, the user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to log in with.
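The flaw described above and its fix, as an added example (not VOS code and not taken from the linked report): a constructed in-memory session store that either keeps or rotates the session ID at login, plus a regression check that flags a pre-login ID that is still valid after authentication. The names `SessionStore`, `rotate_on_login` and `pre_auth_id_survives_login` are hypothetical.

```python
import secrets


class SessionStore:
    """Minimal server-side session store, constructed for illustration."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> {"user": name or None}

    def new_session(self):
        # Issue an unpredictable ID for an unauthenticated session.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user, password_ok):
        """Return the session ID the browser must use after the login attempt."""
        if sid not in self.sessions:
            sid = self.new_session()  # never adopt an ID the server did not issue
        if not password_ok:
            return sid
        if self.rotate_on_login:
            # Hardened path: invalidate the pre-auth ID and issue a fresh one.
            del self.sessions[sid]
            sid = self.new_session()
        # Without rotation the pre-auth ID is promoted to an authenticated one.
        self.sessions[sid]["user"] = user
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def pre_auth_id_survives_login(store):
    """Regression check: True means the pre-login ID is authenticated afterwards."""
    pre = store.new_session()
    post = store.login(pre, "alice", password_ok=True)
    return pre == post or store.user_for(pre) == "alice"


if __name__ == "__main__":
    print("no rotation:", pre_auth_id_survives_login(SessionStore(False)))
    print("rotation   :", pre_auth_id_survives_login(SessionStore(True)))
```

The same check can be run against a real application in a test suite by comparing the session cookie value before and after a successful login.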

Reference Links (if available):

  • https://hackerone.com/reports/1168192
CVSS Score (if available):

  v2: / MEDIUM

  v3: /