GitLab Vulns Could Lead to Session Hijacking
September 4, 2017
During a recent pen test of GitLab, Imperva researchers were surprised to come across a vulnerability that leaves users exposed to session hijacking attacks. The vulnerability stems from the type of session tokens used by GitLab. According to Imperva, the tokens are troublesome because: They are short, making them susceptible to brute-force attacks; they are […]