CVE-2001-0972

Name of the Vulnerable Software and Affected Versions Surf-Net ASP Forum versions prior to 2.30

Description The issue allows remote attackers to gain administrative privileges by calculating the value of the admin cookie, which is based on the UserID. The admin cookie can be calculated using the UserID 1.

Recommendations For versions prior to 2.30, consider updating to version 2.30 or later to resolve the issue. As a temporary workaround, restrict access to administrative functions to minimize the risk of exploitation. Avoid using easily guessable cookies based on the UserID until the issue is resolved.