Symptom:
Session IDs were not generated after users authenticated to an application successfully. Consequently, in a shared computing environment, or using a cross-site scripting vulnerability, an attacker could record the session ID assigned to a particular computer and use it to access the application as an authenticated user.
Solution:
This issue has now been resolved.
|
Copyright © 2013 CA.
All rights reserved.
|
|