Session Fixation Vulnerability in Catalyst::Plugin::Authentication for Perl
CVE-2009-10007
9.1CRITICAL
What is CVE-2009-10007?
Catalyst::Plugin::Authentication for Perl versions prior to 0.10_027 is vulnerable to session fixation attacks. This vulnerability arises because the plugin does not automatically change the session ID after a user successfully authenticates. Consequently, if an attacker manages to capture a session ID cookie, they can impersonate the victim and gain unauthorized access to their session, compromising the security of the user and their data.
Affected Version(s)
Catalyst::Plugin::Authentication 0 < 0.10_027
