RC RANDOM CHAOS

session-fixation

1 post

Victim types the password, attacker keeps the token
Article

CVE-2023-4714 session fixation (CWE-384) explained: how attackers plant a session ID, bypass MFA, what fires in telemetry, and why rotation alone is not enough.