Red Hat Bugzilla – Bug 1072151
CVE-2014-0090 Foreman: Session fixation
Last modified: 2016-04-26 12:04:38 EDT
Jeremy Choi and Keqin Hong of the Red Hat HSS Pen-Test Team reported that under some circumstances Foreman did not generate new session IDs for every login. This flaw could allow authentication to be bypassed through session fixation attacks.
This issue was discovered by Jeremy Choi and Keqin Hong of the Red Hat HSS Pen-Test Team.
The Red Hat Security Response Team has rated this issue as having Low security impact in Red Hat Enterprise Linux OpenStack Platform 3 and 4. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
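The flaw class described above, as an added illustration that is not Foreman's code or the fix that was shipped: a minimal in-memory session store in Ruby that contrasts a login which keeps the pre-login session ID with one that issues a new ID, plus a check usable as a regression test. The class, method names and the `admin` user are hypothetical and constructed for this example.

```ruby
require 'securerandom'

# Hypothetical in-memory session store, constructed for illustration only.
class SessionStore
  def initialize
    @sessions = {} # session ID => session data
  end

  # Issue an anonymous session, as a server does on the first request.
  def create
    sid = SecureRandom.hex(16)
    @sessions[sid] = {}
    sid
  end

  # Returns the authenticated user for a session ID, or nil.
  def user_for(sid)
    @sessions.dig(sid, :user)
  end

  # Flawed login: the pre-login session ID is kept and marked authenticated.
  def login_keep_id(sid, user)
    @sessions[sid][:user] = user
    sid
  end

  # Hardened login: discard the pre-login session and issue a fresh ID.
  # In a Rails controller, calling reset_session at login serves this purpose.
  def login_rotate_id(sid, user)
    @sessions.delete(sid)
    new_sid = SecureRandom.hex(16)
    @sessions[new_sid] = { user: user }
    new_sid
  end
end

# Regression check: true if an ID that existed before login is
# authenticated after login, which is the condition to reject.
def pre_login_id_authenticated?(login_method)
  store = SessionStore.new
  known_sid = store.create
  store.public_send(login_method, known_sid, 'admin')
  !store.user_for(known_sid).nil?
end

if __FILE__ == $PROGRAM_NAME
  puts "keep id:   #{pre_login_id_authenticated?(:login_keep_id)}"
  puts "rotate id: #{pre_login_id_authenticated?(:login_rotate_id)}"
end
```

The same assertion, that the session cookie value seen before login differs from the one seen after, can be made against a real application in an integration test.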