Computer Security
[EN] securityvulns.ru no-pyccku


CA 2E Web Option session spooging
Published:01.04.2014
Source:
SecurityVulns ID:13661
Type:remote
Threat Level:
5/10
Description:Pridictable session token.
Affected:CA : 2E Web Option 8.6
CVE:CVE-2014-1219 (CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.)
Original documentdocumentCA, CA20140218-01: Security Notice for CA 2E Web Option (01.04.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod