Web Server Uses Non Random Session IDs
Medium Nessus Plugin ID 31657
Synopsis
The remote web server generates predictable session IDs.

Description
The remote web server generates a session ID for each connection. A session ID is typically used to keep track of the actions of a user while he visits a website.
The remote server generates non-random session IDs. An attacker might use this flaw to guess the session IDs of other users and therefore steal their session.

Solution
Configure the remote site and CGIs so as to use random session IDs.
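
The following is an added example, not code from the Nessus plugin or from any particular web server: it contrasts a counter-based session ID (a constructed stand-in for a non-random scheme) with one drawn from the operating system's CSPRNG, and includes a heuristic self-audit for IDs issued by your own application. The function names and the three heuristics are assumptions made for illustration and do not describe how the plugin itself tests a server.

```python
import itertools
import secrets
import string

HEX = set(string.hexdigits)

# Weak (constructed for illustration): IDs come from a process-wide counter,
# so each ID is the previous one plus one.
_counter = itertools.count(1000)

def weak_session_id() -> str:
    return f"{next(_counter):08x}"

# Hardened: 32 bytes (256 bits) from the OS CSPRNG, URL-safe encoded.
def strong_session_id(nbytes: int = 32) -> str:
    return secrets.token_urlsafe(nbytes)

def looks_predictable(ids: list[str]) -> bool:
    """Heuristic audit of IDs issued back to back by your own server.

    Returns True on duplicates, on hex IDs separated by one constant step,
    or when more than half of the character positions never change.
    A False result does not prove the generator is cryptographically sound.
    """
    if len(ids) < 3:
        raise ValueError("need at least 3 samples")
    # 1. The same ID issued twice.
    if len(set(ids)) < len(ids):
        return True
    # 2. Counter-like behaviour: a constant difference between consecutive IDs.
    if all(i and set(i) <= HEX for i in ids):
        nums = [int(i, 16) for i in ids]
        if len({b - a for a, b in zip(nums, nums[1:])}) == 1:
            return True
    # 3. Mostly static IDs, e.g. a fixed prefix with a few changing characters.
    if len({len(i) for i in ids}) == 1:
        fixed = sum(1 for column in zip(*ids) if len(set(column)) == 1)
        if fixed * 2 > len(ids[0]):
            return True
    return False
```

Where the web framework or application server already provides session management, enabling its built-in random session ID generator is preferable to writing one by hand.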