Are Access Manager Agents susceptible to Session Fixation attacks?
Originally Published: 2009-05-26
Article Number
Applies To
RSA Access Manager 4.8 Agent for Apache 2.2
IBM Rational Appscan
Issue
An IBM Rational Appscan report identified the Access Manager login pages as potentially vulnerable for the reason "Session Identifier Not Updated".
Cause
Resolution
For more information on Session Fixation Attacks see http://capec.mitre.org/data/definitions/60.html