Reliance on Cookies without Validation and Integrity Checking
CVE-2012-5631
Summary
ipa 3.0 does not properly check server identity before sending credential containing cookies
- LOW
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
CWE-565 - Reliance on Cookies without Validation and Integrity Checking
The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
References
Advisory Timeline
- Published