Are Access Manager Agents susceptible to Session Fixation attacks?
Originally Published: 2009-05-26
Article Number
Applies To
RSA Access Manager 4.8 Agent for Apache 2.2
IBM Rational Appscan
Issue
IBM Rational Appscan report for the Access Manger Login pages were identified as potentially vulnerable for the reason ?Session Identifier Not Updated?.
Cause
Resolution
For more information on Session Fixation Attacks see http://capec.mitre.org/data/definitions/60.html
Related Articles
RSA Access Manger is unable to open new sockets Number of Views SOFTWARE_TOKEN_NOT_AVAILABLE_IN_SYSTEM_WITH_EXP_CRITERIA error although tokens exist in RSA Authentication Manager 8.x Number of Views Want to pass a configuration file to the FIM 3.0 / 3.1 Bulk Federation Utility Number of Views Test Access to Cloud Access Service Number of Views RSA ID Plus BlastRADIUS Vulnerability Fix: Frequently Asked Questions Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
Don't see what you're looking for?
