Description
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen.
References
- Exploit; Third Party Advisory; VDB Entry
- Exploit; Third Party Advisory
- Product; Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:dmasoftlab:dma_radius_manager:4.4.0:*:*:*:*:*:*:*
EPSS
Percentile: 87%
Score: 0.032 (Low)
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-287
Related vulnerabilities
- CVSS3: 9.8, source: github, more than 3 years ago