PT-2007-5600 · Olate · Olate Download

Published: 2007-08-18 · Updated: 2018-10-15 · CVE-2007-4419

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Olate Download (od) version 3.4.1

Description

The issue allows remote attackers to more easily guess the authentication cookie, potentially granting access to the Admin area. This is due to the composition of the OD3 AutoLogin authentication cookie using an MD5 hash of the admin username, user id, and group id.

Recommendations

For Olate Download (od) version 3.4.1, consider disabling the use of the OD3 AutoLogin authentication cookie until a more secure method is implemented. Restrict access to the Admin area to minimize the risk of exploitation. Avoid using the username, user id, and group id in the composition of the authentication cookie. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
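
An added example, not Olate Download's code: a Python sketch that sets the cookie pattern described above beside an auto-login token containing no account attributes, with the secret part stored only as a hash on the server. The concatenation order in `weak_autologin_token`, the `AutoLoginStore` class and the `selector:validator` cookie layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


def weak_autologin_token(username, user_id, group_id):
    # Pattern the advisory describes: MD5 over account attributes only.
    # Assumption: plain concatenation; the page does not give OD3's exact layout.
    return hashlib.md5(f"{username}{user_id}{group_id}".encode()).hexdigest()


class AutoLoginStore:
    """Hypothetical server-side token table (in-memory stand-in for a DB)."""

    def __init__(self, ttl_seconds=14 * 24 * 3600):
        self._rows = {}  # selector -> (sha256 of validator, user_id, expiry)
        self._ttl = ttl_seconds

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        selector = secrets.token_hex(8)     # lookup key, not a secret
        validator = secrets.token_hex(32)   # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(validator.encode()).hexdigest()
        self._rows[selector] = (digest, user_id, now + self._ttl)
        return f"{selector}:{validator}"    # cookie value; holds no user data

    def verify(self, cookie, now=None):
        """Return (user_id, replacement_cookie), or None if the cookie is rejected."""
        now = time.time() if now is None else now
        selector, sep, validator = cookie.partition(":")
        row = self._rows.pop(selector, None)  # single use: the row is always consumed
        if not sep or row is None:
            return None
        digest, user_id, expires_at = row
        presented = hashlib.sha256(validator.encode()).hexdigest()
        # Constant-time comparison; expired or mismatching tokens stay deleted.
        if now >= expires_at or not hmac.compare_digest(presented, digest):
            return None
        return user_id, self.issue(user_id, now)
```

The weak function returns the same value for the same account on every call and every installation, while each `issue()` call yields a fresh value that is useless after one verification or after expiry.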

Exploit

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2007-4419

Affected Products

Olate Download