Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=99834088223352&w=2 | |
http://www.securityfocus.com/bid/3210 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7011 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2001-08-31 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2001-0972
Mitre link : CVE-2001-0972
CVE.ORG link : CVE-2001-0972
JSON object : View
Products Affected
surf-net
- asp_forum
CWE