Greetings All,
As we scan our Moodle websites through the Burp Suite scanner, we come across the
"Session token in URL" vulnerability.
Issue Detail:
"The URL in the request appears to contain a session token within the query string:
- https://xxxxxxxxxxxxx/admin/repository.php?sesskey=TIMHDsnYRP&action=edit&repos=recent
Issue Remediation Recommendation:
Applications should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method."
The Moodle version the website is on is 3.9.x.
Could someone enlighten us on how this vulnerability can be mitigated? (Or can this be ignored as a false positive?)
Thanks
Kind regards