GitLab Vulns Could Lead to Session Hijacking – Infosecurity Magazine

During a recent pen test of GitLab, Imperva researchers were surprised to come across a vulnerability that leaves users exposed to session hijacking attacks.

The vulnerability stems from the type of session tokens GitLab uses. According to Imperva, the tokens are troublesome for three reasons: they are short, making them susceptible to brute-force attacks; they are persistent, meaning they never expire; and they lack role-based access control, meaning a simple copy/paste of the token grants access to every actionable item on the GitLab platform, e.g., user dashboards, account information, individual projects and website code.

Original article at www.infosecurity-magazine.com

