
Jordi Forès

#32,737 of 53,633
7.8 Total CVSS
Vulnerabilities · 1
PT-2024-9175
7.8
2024-11-18
Absysnet · Absysnet · CVE-2024-11318
Name of the Vulnerable Software and Affected Versions: AbsysNet version 2.3.1

Description: An IDOR (Insecure Direct Object Reference) vulnerability has been discovered, which could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint. This vulnerability is related to the bypass of authorization via the use of a user-controlled key. The exploitation of this vulnerability may allow a remote attacker to implement a brute-force attack.

Recommendations: For AbsysNet version 2.3.1, consider disabling access to the "/cgi-bin/ocap/" endpoint as a temporary workaround until a patch is available. Restricting access to this endpoint can minimize the risk of exploitation. Additionally, review logs for signs of exploitation and patch the system as soon as possible.