Session fixation

High
piRGoif published GHSA-qw4q-cmcv-7vv2 Jan 12, 2021

Package

No package listed

Affected versions

< 2.7.2, < 3.0.0

Patched versions

2.7.2, 3.0.0

Description

Impact

Two cookies are created for the same session, which makes it possible for an attacker to steal a user's session.
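The following is an added defender's check, not code from iTop or Combodo: it audits the Set-Cookie headers of a login response for the symptom this advisory describes (the same session cookie issued more than once, possibly with different values) and for the classic fixation indicator (the pre-login session id re-issued after login). The cookie name `itop-sess` and the sample headers are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Assumed session cookie name; not taken from the advisory.
SESSION_COOKIE = "itop-sess"


def parse_set_cookies(headers):
    """Return (name, value, attrs) for each Set-Cookie header string."""
    out = []
    for h in headers:
        c = SimpleCookie()
        c.load(h)  # one header per SimpleCookie so repeated names are kept
        for name, morsel in c.items():
            attrs = {k: v for k, v in morsel.items() if v}
            out.append((name, morsel.value, attrs))
    return out


def audit_login_response(pre_login_sid, set_cookie_headers, session_name=SESSION_COOKIE):
    """Flag session-fixation indicators in a login response.

    Returns a list of finding strings; an empty list means nothing suspicious.
    """
    findings = []
    session_cookies = [(v, a) for n, v, a in parse_set_cookies(set_cookie_headers)
                       if n == session_name]
    values = [v for v, _ in session_cookies]
    if len(session_cookies) > 1:
        findings.append("session cookie issued %d times in one response" % len(session_cookies))
    if len(set(values)) > 1:
        findings.append("conflicting session ids issued: %s" % sorted(set(values)))
    if pre_login_sid in values:
        findings.append("pre-login session id re-issued after login (no regeneration)")
    for _, attrs in session_cookies:
        if "httponly" not in attrs:
            findings.append("session cookie missing HttpOnly")
            break
    return findings


# Constructed sample: a vulnerable login response and a fixed one.
VULNERABLE = ["itop-sess=abc123; Path=/; HttpOnly",
              "itop-sess=xyz789; Path=/itop; HttpOnly"]
FIXED = ["itop-sess=xyz789; Path=/; HttpOnly; Secure"]

if __name__ == "__main__":
    print(audit_login_response("abc123", VULNERABLE))
    print(audit_login_response("abc123", FIXED))
```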

Patches

Fixed in 2.7.2 and 3.0.0

Credits

Many thanks to Cyblex Technologies (Clément Speybrouck, Antoine Vacher) for this report!

References

Combodo ref N°3333

For more information

If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com

Severity

High

CVE ID

CVE-2020-15220

Weaknesses

No CWEs