Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Session IDs are not always recreated when logging out under PHP 5 #4282

Merged
merged 2 commits into from
May 26, 2021

Conversation

ddb4github
Copy link
Contributor

Steps:

  1. access cacti/logout.php
  2. Open Firefox DevTools, modify cookie Cacti value to randomsessionid
  3. Input username/password, then click button Login
  4. Browser will forward to cacti/index.php?csrf_timeout=true with login UI
  5. Input username/password, then click button Login again
  6. Login success, and show Console
  7. Check cookie Cacti value, it's randomsessionid

Note:

  • Ubuntu 18 + PHP 7.2 has not this issue, and always regenerate session id to replace randomsessionid

Copy link
Member

@netniV netniV left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remember to update the change log and titles to plain English.

@ddb4github ddb4github changed the title Fixed: session fixation issue for PHP 5.4 session fixation issue for PHP 5.4 May 25, 2021
@TheWitness
Copy link
Member

Seems like it would need a version unfair and then shouldn't this have been upstreamed by somebody?

@TheWitness
Copy link
Member

RHEL7 does not go away before 2024, and not everyone does REMI.

@ddb4github ddb4github changed the title session fixation issue for PHP 5.4 Security: session fixation for PHP 5.4 May 26, 2021
@netniV netniV merged commit cff7bd1 into Cacti:1.2.x May 26, 2021
@ddb4github ddb4github deleted the sessfixation branch May 27, 2021 08:12
@netniV netniV changed the title Security: session fixation for PHP 5.4 Session IDs are not always recreated when logging out under PHP 5 Jul 4, 2021
@netniV netniV added the SECURITY A security issue reported through CVE label Jul 4, 2021
@netniV netniV added this to the 1.2.18 milestone Jul 4, 2021
@github-actions github-actions bot locked and limited conversation to collaborators Oct 3, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
SECURITY A security issue reported through CVE
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants