Request for help using phpIPAM / Misc question?
Hi
I created a VM to evaluate its use on our infrastructure. In our evaluation we also did a vulnerability scan and found the "Web Server Predictable Session ID Vulnerability". We are not developers and we want to know how to fix it.
The phpipam v1.5 runs on OracleLinux 8.x with php v7.1 and apache2 v2.4.37.
IMPACT: The session ID can be trivially guessed after only a limited number of attempts. If this issue is successfully exploited, then it may be possible for an attacker to obtain the cookie-based authentication credentials for legitimate users, allowing unauthorized access to the vulnerable application.
Netcraft Security Advisory 2001-01.1 - Predictable Session IDs (http://news.netcraft.com/archives/2003/01/01/security_advisory_2001011_predictable_session_ids.html)
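
A finding like this can be sanity-checked by collecting several session cookie values from your own server and testing them for obvious structure. The script below is an added example, not part of the original post or of phpIPAM's code; the function name, the `min_bits` threshold and both sample ID lists are constructed for illustration.

```python
import math
import os

# Constructed samples (not from the page): session cookie values as you might
# collect them from repeated requests to your own test server.
WEAK_IDS = ["sess00001041", "sess00001042", "sess00001043",
            "sess00001044", "sess00001045", "sess00001046"]
STRONG_IDS = ["9f2c4e1ab07d35c86e41f0a9d2b7c513", "03bd7a96e5c1f248a0d94b6e17f3c82a",
              "c47e10f9a3d6528b7f0e9c14b5a26d38", "5a81d3f7026cbe94d1a7f3e08c4b6952"]


def assess_session_ids(ids, min_bits=64):
    """Return findings for a sample of session IDs, in collection order.

    An empty list means no obvious pattern was found in this sample; it does
    not prove the generator is unpredictable. min_bits is an assumed threshold.
    """
    if len(ids) < 2:
        raise ValueError("need at least two session IDs to compare")
    findings = []
    if len(set(ids)) < len(ids):
        findings.append("duplicate")
    # Characters shared by every ID carry no entropy, so ignore them.
    prefix = len(os.path.commonprefix(ids))
    varying = [s[prefix:] for s in ids]
    alphabet = set("".join(varying))
    # Upper bound on entropy: varying length * log2(observed alphabet size).
    longest = max(len(v) for v in varying)
    bound = longest * math.log2(len(alphabet)) if len(alphabet) > 1 else 0.0
    if bound < min_bits:
        findings.append("low-entropy-bound")
    # A constant step between consecutive IDs means a counter, not a CSPRNG.
    # This is only checked when the varying part parses as hexadecimal.
    try:
        nums = [int(v, 16) for v in varying]
    except ValueError:
        nums = None
    if nums and len(nums) >= 3:
        steps = {b - a for a, b in zip(nums, nums[1:])}
        if len(steps) == 1:
            findings.append("sequential")
    return findings


if __name__ == "__main__":
    print("weak sample:  ", assess_session_ids(WEAK_IDS))
    print("strong sample:", assess_session_ids(STRONG_IDS))
```

If the IDs your server issues come back with no findings, the scanner result is worth re-checking with the vendor before changing configuration.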