WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:21:00
Updated: 2022-10-03T16:21:00
Reserved: 2022-10-03T00:00:00
Link: CVE-2010-1507
JSON object: View
NVD Information
Status : Analyzed
Published: 2010-09-03T20:00:01.527
Modified: 2010-09-06T04:00:00.000
Link: CVE-2010-1507
JSON object: View
Redhat Information
No data.
CWE