
Fix h1 report 176116

Session fixation
----------------

The HackerOne user pavanw3b has reported that Revive Adserver wasn't
properly invalidating the current session when setting a new password
via the forgot password mechanism. That could allow attackers having
access to the session ID to keep the authenticated session alive.

CWE-ID: CWE-384

CVSSv3 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
CVSSv3 Base Score: 5.9
CVSSv3 Temporal Score: 5.2
mbeccati committed Jan 24, 2017
1 parent a51ee66 commit b088012e5439f39a86b9d4f1e83b8dcd345f5d34
Showing with 3 additions and 1 deletion.
  1. +3 −1 lib/OA/Admin/PasswordRecovery.php
@@ -117,7 +117,9 @@ function handlePost($vars)
if (empty($vars['newpassword']) || empty($vars['newpassword2']) || $vars['newpassword'] != $vars['newpassword2']) {
$this->displayRecoveryResetForm($vars['id'], $GLOBALS['strNotSamePasswords']);
} elseif ($this->_dal->checkRecoveryId($vars['id'])) {
$userId = $this->_dal->saveNewPasswordAndLogin($vars['id'], $vars['newpassword']);
$this->_dal->saveNewPasswordAndLogin($vars['id'], $vars['newpassword']);
phpAds_SessionRegenerateId();
OX_Admin_Redirect::redirect();
} else {
$this->displayRecoveryRequestForm($GLOBALS['strPwdRecWrongId']);
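Review bot: the new `phpAds_SessionRegenerateId()` call runs only after `saveNewPasswordAndLogin()` has already established the authenticated session, so the fix relies on that helper discarding the previous session record rather than merely issuing a fresh ID; if it wraps PHP's `session_regenerate_id()`, confirm it is called with `true` (delete the old session) or otherwise destroys the old ID, since an attacker already holding the old session ID could otherwise still resume it. Consider also invalidating any other sessions for this user as part of the reset, which the hunk does not do. Dropping the `$userId` assignment is fine: nothing in the shown context reads it.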
