Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=99834088223352&w=2 | |
http://www.securityfocus.com/bid/3210 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7011 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-02-02T05:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2002-01-31T00:00:00
Link: CVE-2001-0972
JSON object: View
NVD Information
Status : Modified
Published: 2001-08-31T04:00:00.000
Modified: 2017-07-11T01:29:04.993
Link: CVE-2001-0972
JSON object: View
Redhat Information
No data.
CWE