- Description
- @fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim's session by tossing a valid `sessionId` cookie in the victim's browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity
- HIGH
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fastify:passport:*:*:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "3F071BA9-FBA0-4860-9B99-9D48230422D2",
"versionEndExcluding": "1.1.0"
},
{
"criteria": "cpe:2.3:a:fastify:passport:*:*:*:*:*:node.js:*:*",
"vulnerable": true,
"matchCriteriaId": "341AD078-D84A-45B6-876F-7FA286EECAAA",
"versionEndExcluding": "2.3.0",
"versionStartIncluding": "2.0.0"
}
],
"operator": "OR"
}
]
}
]