CVE-2016-8638
Published: Jul 12, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
A vulnerability was found in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 that allows an attacker to log out active sessions of other users. The issue is related to how ipsilon tracks sessions, and it allows an unauthenticated attacker to view and terminate active sessions of other users. It is also called a "SAML2 multi-session vulnerability."
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- https://ipsilon-project.org/release/2.1.0.html (x_refsource_CONFIRM)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638 (x_refsource_CONFIRM)
- https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c (x_refsource_CONFIRM)
- https://ipsilon-project.org/advisory/CVE-2016-8638.txt (x_refsource_CONFIRM)
- 94439 (vdb-entry, x_refsource_BID)
- RHSA-2016:2809 (vendor-advisory, x_refsource_REDHAT)