This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.
The remote web application may be vulnerable to a session fixation
If the session cookie is already present before authentication, it
remains unchanged after a successful login. That is, only server-side
variables are updated.
Session cookies are expected to be unpredictable in a secure web
application. If HTTP cookies can be manipulated (by injecting client-
the pseudo-random generator, and the web application is vulnerable to
a 'session fixation' attack.
See also :
Fix the application so that the session cookie is re-generated after
Risk factor :
Medium / CVSS Base Score : 5.1
Family: Web Servers
Nessus Plugin ID: 46201 (fixed_session_cookies.nasl)
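The condition described above, as an added example that is not the plugin's own code: a toy in-memory application whose login either keeps the pre-authentication session cookie or regenerates it, plus a check that compares the cookie before and after login. The `App` class, its methods, the user name and the password are all constructed for illustration.

```python
import secrets

class App:
    """Toy web app with an in-memory session table (constructed for this example)."""
    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}  # session id -> {"user": name or None}

    def visit(self, cookie=None):
        """Anonymous request: reuse a known session id, otherwise issue a fresh one."""
        if cookie not in self.sessions:
            cookie = secrets.token_hex(16)
            self.sessions[cookie] = {"user": None}
        return cookie

    def login(self, cookie, user, password):
        """Return the session cookie the client holds after the login response."""
        cookie = self.visit(cookie)
        if password != "correct-horse":  # constructed credential check
            return cookie
        if self.regenerate_on_login:
            # Hardened: invalidate the pre-auth id and bind the user to a new one.
            del self.sessions[cookie]
            cookie = secrets.token_hex(16)
            self.sessions[cookie] = {"user": None}
        # Without regeneration, only this server-side variable changes.
        self.sessions[cookie]["user"] = user
        return cookie

    def whoami(self, cookie):
        """User bound to a session id, or None if unknown or anonymous."""
        return self.sessions.get(cookie, {}).get("user")


def cookie_fixed_across_login(app):
    """Condition from the description: a cookie present before
    authentication is unchanged after a successful login."""
    before = app.visit()
    after = app.login(before, "alice", "correct-horse")
    # True when the pre-auth id survives and now maps to an authenticated user.
    return before == after and app.whoami(before) == "alice"


if __name__ == "__main__":
    print("keeps cookie:", cookie_fixed_across_login(App(regenerate_on_login=False)))
    print("regenerates :", cookie_fixed_across_login(App(regenerate_on_login=True)))
```
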