Details
Description
The JSESSIONID cookie is issued before login and is not changed on successful login. An attacker who knows this cookie can therefore use it after a valid user has authenticated with it. This holds especially for shared workstations.
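A regression check for the behaviour described above, as an added example that is not part of the original report: it compares the JSESSIONID set before login with what the login response sets. The function names, the verdict strings and the HTTP responses are constructed for illustration.

```python
"""Check whether a login response rotates the JSESSIONID cookie."""


def set_cookie_value(raw_response, name="JSESSIONID"):
    """Return the value a raw HTTP response sets for cookie `name`, else None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, _, value = line.partition(":")
        if key.strip().lower() != "set-cookie":
            continue
        # The cookie pair is everything before the first ';' (attributes follow).
        cookie_name, _, cookie_value = value.split(";", 1)[0].strip().partition("=")
        if cookie_name == name:
            return cookie_value
    return None


def login_rotation_verdict(pre_login, post_login, name="JSESSIONID"):
    """Classify a (pre-login response, successful-login response) pair."""
    before = set_cookie_value(pre_login, name)
    after = set_cookie_value(post_login, name)
    if before is None:
        return "no-pre-login-session"  # nothing was issued before login
    # No new cookie means the browser keeps sending the pre-login ID, which the
    # successful login has now authenticated (assumption: the login succeeded).
    if after is None or after == before:
        return "not-rotated"
    return "rotated"


def response(status, *headers):
    """Build a constructed raw HTTP response (headers only)."""
    return "\r\n".join((f"HTTP/1.1 {status}",) + headers) + "\r\n\r\n"


# Constructed sample traffic, not captured from any real application.
LOGIN_PAGE = response("200 OK", "Content-Type: text/html",
                      "Set-Cookie: JSESSIONID=AAAA1111; Path=/; HttpOnly")
LOGIN_NO_COOKIE = response("302 Found", "Location: /home")
LOGIN_SAME_ID = response("302 Found", "Location: /home",
                         "Set-Cookie: JSESSIONID=AAAA1111; Path=/; HttpOnly")
LOGIN_NEW_ID = response("302 Found", "Location: /home",
                        "Set-Cookie: JSESSIONID=BBBB2222; Path=/; HttpOnly")

if __name__ == "__main__":
    for label, resp in [("no cookie", LOGIN_NO_COOKIE), ("same id", LOGIN_SAME_ID),
                        ("new id", LOGIN_NEW_ID)]:
        print(f"{label:10s} -> {login_rotation_verdict(LOGIN_PAGE, resp)}")
```

In a Servlet 3.1 or later container, calling `HttpServletRequest.changeSessionId()` on successful login is the standard way to make this check report `rotated`.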