CVE-1999-0428: Session Fixation in OpenSSL

CWE-384: Session Fixation | 7 documents | 7 sources
Severity: 7.5 HIGH (NVD)
EPSS: 0.3% (top 48.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 22
Latest update: Apr 19

Description

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 3 packages

🔴 Vulnerability Details (2)

VulDB
OpenSSL/SSLeay SSL Session Reuse privileges management (Nessus ID 17798 / XFDB-1991) | 2026-04-19
GHSA
GHSA-25x3-rfqm-vgrr: OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls | 2022-04-30

📋 Vendor Advisories (2)

Microsoft
CVE-1999-0428: NIST NVD Details: https://nvd | 2020-09-08
Red Hat
openssl: allow remote attackers to reuse SSL sessions and bypass access controls | 1999-03-22

📐 Framework References (1)

CAPEC
Reusing Session IDs (aka Session Replay)

💬 Community (1)

Bugzilla
CVE-1999-0428 openssl: allow remote attackers to reuse SSL sessions and bypass access controls | 2020-10-27