Session Management Hardening #3
Description
Session IDs are generated as timestamp-nonce strings without cryptographic randomness. An attacker could guess future IDs.
Metadata
Metadata
Assignees
Labels
No labels
{{ message }}
Session IDs are generated as timestamp-nonce strings without cryptographic randomness. An attacker could guess future IDs.