Document vulnerability CVE-2018-1340, fixed in 1.0.0.
mike-jumper committed Jan 23, 2019
1 parent deaf070 commit 114e5e1f8536d1fd30dc21850ccb79edcf753c87
Showing 1 changed file with 13 additions and 0 deletions.
@@ -0,0 +1,13 @@
---
title: Secure flag missing from session cookie
cve: CVE-2018-1340
fixed: 1.0.0
---

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the
user's session token. This cookie lacked the "secure" flag, which could allow
an attacker eavesdropping on the network to intercept the user's session token
if unencrypted HTTP requests are made to the same domain.

Acknowledgements: We would like to thank Ross Golder for reporting this issue.

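Review bot: The body paragraph bounds the affected range only as "Prior to 1.0.0" and never states a remediation; the `fixed: 1.0.0` front matter implies an upgrade, but a reader of the rendered text has to infer it. Consider adding a closing sentence telling users of earlier versions to upgrade to 1.0.0, and, if known, the first affected version. It would also help to say how 1.0.0 resolves the issue (whether the cookie now carries the flag or the token is no longer stored in a cookie), since the text describes only the pre-1.0.0 behaviour.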