CVE-2024-25977

May 29, 2024, 3:18 p.m.

Product(s) Impacted

UNKNOWN

Description

The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.

Weaknesses

Date

Published: May 29, 2024, 1:15 p.m.

Last Modified: May 29, 2024, 3:18 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

551230f0-3615-47bd-b7cc-93e92e730bbf

References

https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1

551230f0-3615-47bd-b7cc-93e92e730bbf

https://r.sec-consult.com/hawki

551230f0-3615-47bd-b7cc-93e92e730bbf

CVE-2024-25977

Tags

Product(s) Impacted

Description

Weaknesses

Date

Status : Awaiting Analysis

Source

References

Share