Session fixation vulnerability in pcsd in pcs before 0.9.157.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pcs | Clusterlabs | * | 0.9.156 (including) |
Such a scenario is commonly observed when: