This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.
The remote web application is affected by a session fixation
If the session cookie is already present before authentication, it
remains unchanged after a successful login. A remote attacker can
exploit this to hijack a valid user session.
Session cookies are expected to be unpredictable in a secure web
application. If HTTP cookies can be manipulated (by injecting client-
the pseudo-random generator, and the web application is vulnerable to
a 'session fixation' attack.
See also :
Fix the application so that the session cookie is re-generated after
Risk factor :
Medium / CVSS Base Score : 5.1
Family: Web Servers
Nessus Plugin ID: 46201 (fixed_session_cookies.nasl)
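
The condition described above (a session cookie that is present before authentication and unchanged after login) and the corrected behaviour, shown as an added example that is not Tenable's plugin code. The names SessionStore and cookie_survives_login and the user "alice" are hypothetical, constructed for illustration.

```python
import secrets


class SessionStore:
    """Minimal in-memory session table (constructed for this example)."""

    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}  # session id -> authenticated user, or None

    def visit(self, cookie=None):
        """Anonymous request: keep a known cookie, otherwise issue a new one."""
        if cookie not in self.sessions:
            cookie = secrets.token_urlsafe(32)
            self.sessions[cookie] = None
        return cookie

    def login(self, cookie, user):
        """Successful login; returns the cookie the client holds afterwards."""
        cookie = self.visit(cookie)
        if self.regenerate_on_login:
            # Fixed behaviour: retire the pre-login identifier, issue a new one.
            del self.sessions[cookie]
            cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = user
        return cookie

    def whoami(self, cookie):
        """User bound to this cookie, or None if anonymous or unknown."""
        return self.sessions.get(cookie)


def cookie_survives_login(app):
    """True if a cookie obtained before login is still the authenticated
    session cookie after login, i.e. the condition reported here."""
    before = app.visit()
    after = app.login(before, "alice")
    return before == after and app.whoami(before) == "alice"


if __name__ == "__main__":
    for regenerate in (False, True):
        flagged = cookie_survives_login(SessionStore(regenerate))
        print(f"regenerate_on_login={regenerate}: fixed cookie={flagged}")
```

With regeneration enabled, the pre-login value no longer maps to any session after authentication, so knowing it in advance gives no access.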