PT-2001-2076 · Netdynamics · Netdynamics

Published: 2001-11-26 · Updated: 2017-12-19 · CVE-2001-0922

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Netdynamics versions 4.x through 5.x

Description: The issue allows remote attackers to steal session IDs and hijack user sessions. This is achieved by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.

Recommendations: For Netdynamics versions 4.x through 5.x, consider restricting access to the login field to minimize the risk of exploitation. As a temporary workaround, avoid using the SPIDERSESSION and uniqueValue variables in the login process until a patch is available.

Fix


Related identifiers

CVE-2001-0922

Affected products

Netdynamics