[wp-trac] [WordPress Trac] #54569: Test Cookie / Session Fixation

WordPress Trac noreply at wordpress.org
Fri Dec 3 19:31:52 UTC 2021


#54569: Test Cookie / Session Fixation
----------------------------------+----------------------
 Reporter:  scaryonly             |       Owner:  (none)
     Type:  feature request       |      Status:  closed
 Priority:  normal                |   Milestone:
Component:  Security              |     Version:
 Severity:  minor                 |  Resolution:  invalid
 Keywords:  needs-privacy-review  |     Focuses:  privacy
----------------------------------+----------------------
Changes (by johnbillion):

 * status:  new => closed
 * resolution:   => invalid
 * milestone:  Awaiting Review =>


Comment:

 Thanks for the report @scaryonly but this is a false positive from your
 security scanning software. The value of this cookie is fixed and known. A
 session fixation vulnerability requires that the value is dynamic and
 associated with a user account, which this is not, therefore changing its
 value has no effect.

 Regards and thanks.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/54569#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
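
The distinction drawn in the comment above (a fixed, known value versus a dynamic value tied to an account) can be checked mechanically when triaging a scanner finding. The following is an added example, not part of the original ticket or of WordPress code: the cookie names `app_sid` and `auth`, all cookie values, and the three observed sessions are constructed sample data.

```python
from collections import defaultdict

# Constructed observations: cookies seen before ("pre") and after ("post")
# login in three independent browser sessions. Values are made up.
SESSIONS = [
    {"pre":  {"wordpress_test_cookie": "WP%20Cookie%20check", "app_sid": "a1f3"},
     "post": {"wordpress_test_cookie": "WP%20Cookie%20check", "app_sid": "a1f3",
              "auth": "alice|9c2e"}},
    {"pre":  {"wordpress_test_cookie": "WP%20Cookie%20check", "app_sid": "77b0"},
     "post": {"wordpress_test_cookie": "WP%20Cookie%20check", "app_sid": "77b0",
              "auth": "bob|41d8"}},
    {"pre":  {"wordpress_test_cookie": "WP%20Cookie%20check", "app_sid": "e902"},
     "post": {"wordpress_test_cookie": "WP%20Cookie%20check", "app_sid": "e902",
              "auth": "carol|0b7a"}},
]

def classify(sessions):
    """Label each cookie by whether it could carry session identity at all."""
    values = defaultdict(set)            # every value seen per cookie name
    survives_login = defaultdict(bool)   # pre-login value still valid after login?
    for s in sessions:
        for phase in ("pre", "post"):
            for name, value in s[phase].items():
                values[name].add(value)
        for name, value in s["pre"].items():
            if s["post"].get(name) == value:
                survives_login[name] = True

    verdicts = {}
    for name, seen in values.items():
        if len(sessions) > 1 and len(seen) == 1:
            # Same value for every visitor: it cannot distinguish sessions or
            # accounts, so forcing a chosen value onto a victim gains nothing.
            verdicts[name] = "constant"
        elif survives_login[name]:
            # Per-session value issued before login and not rotated at login:
            # the precondition for session fixation, needs manual review.
            verdicts[name] = "review"
        else:
            # Value first appears at login or changes there.
            verdicts[name] = "issued_or_rotated_at_login"
    return verdicts

if __name__ == "__main__":
    for name, verdict in classify(SESSIONS).items():
        print(f"{name}: {verdict}")
```

A "constant" verdict is only as strong as the number of independent sessions sampled, and a "review" verdict still requires confirming that the server actually uses that cookie to bind the authenticated session.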