Hello,
I hope this message finds you well.
Please I need help with an urgent issue. My institution conducted a vulnerability assessment check on all our systems and the results showed that our Moodle site has session management vulnerability. Please see the report below.
Title: Session management vulnerability
Status: Critical
Remediation plan: REC27_WPT2 – Ignore session ID provided by browser at logon. Web application must ignore any session ID provided by the user's browser during login. Session ID must be generated on successful login by the user and terminated on logoff.
Please, any suggestions on how this issue can be resolved?
I look forward to hearing from you.
Thank you.