Details
Bug
Status: Open
Major
Resolution: Unresolved
Description
Ambari is keeping the session cookie in the response even after logout from Ambari.
Ambari is vulnerable to a session replay attack due to this vulnerability.
We should remove the 'AMBARISESSIONID' once the user is logged out.
Please refer to attached screenshot.
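
A minimal model of the behaviour reported above, added here as an example and not taken from Ambari's code: SessionStore, its methods and the "admin" user are hypothetical, and only the cookie name comes from the report. It contrasts a logout that leaves the session valid with one that invalidates it server-side and expires the cookie, then checks whether a cookie captured before logout is still accepted.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE = "AMBARISESSIONID"  # cookie name from the report


class SessionStore:
    """Hypothetical in-memory stand-in for a server-side session table."""

    def __init__(self, invalidate_on_logout):
        self.invalidate_on_logout = invalidate_on_logout
        self.sessions = {}  # session id -> user name

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return f"{COOKIE}={sid}; Path=/; HttpOnly"

    def logout(self, cookie_header):
        sid = _sid(cookie_header)
        if not self.invalidate_on_logout:
            # Behaviour described in the report: the session survives logout
            # and the response still carries the cookie.
            return f"{COOKIE}={sid}; Path=/; HttpOnly"
        # Hardened: drop the server-side state first, then expire the cookie.
        # Expiring the cookie alone would not stop a previously captured copy.
        self.sessions.pop(sid, None)
        return f"{COOKIE}=; Path=/; HttpOnly; Max-Age=0"

    def authenticated_user(self, cookie_header):
        return self.sessions.get(_sid(cookie_header))


def _sid(cookie_header):
    jar = SimpleCookie()
    jar.load(cookie_header)
    return jar[COOKIE].value if COOKIE in jar else ""


def replay_accepted_after_logout(store):
    """Regression check: is a cookie captured before logout still honoured?"""
    captured = store.login("admin")  # constructed user name
    store.logout(captured)
    return store.authenticated_user(captured) is not None


if __name__ == "__main__":
    print("vulnerable:", replay_accepted_after_logout(SessionStore(False)))
    print("hardened:  ", replay_accepted_after_logout(SessionStore(True)))
```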