op5 Monitor Persistent Session Cookie
Medium Nessus Plugin ID 57580
SynopsisThe remote web server hosts a PHP application that handles session cookies improperly.
DescriptionThe remote web server has a version of op5 Monitor that improperly handles session cookies. The application sets an expiry date on cookies, causing logins to persist across sessions. Additionally, cookies are not reissued after login.
Note that most versions affected by this vulnerability are also affected by CVE-2012-0263, which is an information disclosure vulnerability.
SolutionUpgrade op5 Monitor to version 5.5.1 or later.