JIRAALIGN-5649

Jira Align Security Deficiency no 21 : correct weak session management


      Web application lacks a strong and consistent session ID management framework:
      d) numerical incremental session IDs are used
      f) 3. session IDs do not expire when the browser's window is closed

      Weak session management may allow an attacker to monitor, hijack or replay a session to gain access to the web application. The solution may not meet Vodafone Standards. This could lead to service disruption and unauthorised change or disclosure of information.

      Web application must have a strong and consistent session ID management framework.
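
One way to address both findings, as an added example that is not Jira Align's code: session IDs come from the OS CSPRNG instead of a counter, the cookie carries no `Expires`/`Max-Age` so the browser treats it as a session cookie, and the server expires the ID itself because browsers with session restore can keep session cookies after the window closes. The `SessionStore` class, the `SESSIONID` cookie name and the timeout values are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 15 * 60          # assumed policy value, not from the ticket
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # assumed policy value, not from the ticket


class SessionStore:
    """In-memory store; the server, not the browser, decides when an ID dies."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # session ID -> record

    def create(self, user):
        # 256 bits from the OS CSPRNG: consecutive IDs are unrelated,
        # unlike a counter where ID n+1 follows ID n.
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def validate(self, sid):
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        if (now - rec["last_seen"] > IDLE_TIMEOUT
                or now - rec["created"] > ABSOLUTE_TIMEOUT):
            del self._sessions[sid]  # an expired ID cannot be replayed
            return None
        rec["last_seen"] = now
        return rec["user"]

    def destroy(self, sid):
        self._sessions.pop(sid, None)  # call on logout


def session_cookie(sid, name="SESSIONID"):
    """Build a Set-Cookie value with no Expires/Max-Age (a session cookie)."""
    c = SimpleCookie()
    c[name] = sid
    c[name]["path"] = "/"
    c[name]["secure"] = True      # never sent over plain HTTP
    c[name]["httponly"] = True    # not readable from page scripts
    c[name]["samesite"] = "Strict"
    return c[name].OutputString()
```
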

              99bfc1506543 Jake Comito
              backbone-sync-bot backbone-sync-bot