PT-2008-2730 · Omegasoft · Omega Interneserviceslosungen
Publicado
2008-03-04
·
Atualizado
2018-10-11
·
CVE-2008-1134
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) version 7
Description
The issue allows remote attackers to login as an arbitrary user via a modified cookie, due to the lack of a shared secret in the authentication cookie.
Recommendations
For OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) version 7, consider implementing a secure authentication mechanism that includes a shared secret to prevent unauthorized access. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Omega Interneserviceslosungen