[Secure-testing-team] Bug#778618: novnc: session hijack through insecurely set session token cookies
Moritz Muehlenhoff
jmm at inutil.org
Tue Feb 17 14:31:45 UTC 2015
Package: novnc
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see
http://www.openwall.com/lists/oss-security/2015/02/17/1
https://bugzilla.redhat.com/show_bug.cgi?id=1193451
Fix:
https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
Cheers,
Moritz
More information about the Secure-testing-team
mailing list