Описание
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:vwar:virtual_war:1.6.1:r2:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00225
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.
EPSS
Процентиль: 45%
0.00225
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-255