Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19142
HistoryFeb 16, 2008 - 12:00 a.m.

DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack

2008-02-1600:00:00
vulners.com
48
JSON

ID : DOINGSOFT-2008-02-11-001

Discovered : 15/10/2007

Corrected : 15/11/2007

Publication :11/02/2008

Affected Software : IPDiva VPNSSL
Versions :
Users who autenticate with login et passwd without OTP systems
* 2.2 branch < 2.2.8.84
* 2.3 branch < 2.3.2.14

Vulnerability : Brute force attack

Description :
The IPDiva Mediation server suffer of cookie exploitation
vulnerability. A mecanism of limitation after a number of bad login/
passwd exist based on a cookie. When the cookie is null, the account
is blocked. With the modification of the cookie to a value like 4242,
we can try a unlimited number of connection if the cookie is resetted
when it reached 2

JSON