Описание
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.
EPSS
Процентиль: 25%
0.00084
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-384
Связанные уязвимости
CVSS3: 5.5
github
около 1 года назад
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.
EPSS
Процентиль: 25%
0.00084
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-384