This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote web server generates predictable session IDs.
The remote web server generates a session ID for each connection. A
session ID is typically used to keep track of the actions of a user
while he visits a website.
The remote server generates non-random session IDs. An attacker might
use this flaw to guess the session IDs of other users and therefore
steal their session.
See also :
Configure the remote site and CGIs so as to use random session
Risk factor :
Medium / CVSS Base Score : 6.4
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now