Abstract Advisory Information
RAQuest is a software solution for handling foreign withholding taxes.
A cookie is vulnerable to the session fixation vulnerability, allowing an attacker to define the session identifier that will be used to reference his session on the server side after the authentication.
Authors: Julien Oury–Nogues from Excellium-Services company
Name: Halvotec Raquest
Common Vulnerability Scoring System
Vulnerability Disclosure Timeline
- 22/08/2019: Vulnerability discovered.
- 28/08/2019: vendor contacted.
- 09/09/2019: vendor correctly receive the attachment.
- 13/09/2019: Ask vendor an Acknowledgement.
- 20/09/2019: Ask vendor an Acknowledgement.
- 29/10/2019: Vendor does not considered this issue as it. No patch will be released.
- 03/12/2019: Request CVE-ID
- 17/12/2019: Responsible disclosure with CSSF and CERT-BUND
- 24/12/2019: Public disclosure.
- 27/03/2020: vendor announces a fix for end of May 2020