Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Osticket | Enhancesoft | * | 1.16.2 (including) |
Such a scenario is commonly observed when: