Description
Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some installations.
References
- Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
- Third Party Advisory, US Government Resource
- Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1: versions before 2.2 (exclusive)
cpe:2.3:a:navarino:infinity:*:*:*:*:*:*:*:*
EPSS: 0.01242 (Low), percentile: 79%
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-384
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some installations.