PT-2005-1779 · Novell · Novell iChain

Published: 2005-03-13 · Updated: 2017-07-11 · CVE-2005-0744

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Novell iChain versions 2.2 through 2.3 SP3

Description

The issue allows attackers to hijack sessions and gain administrator privileges through two methods: (1) sniffing the connection on TCP port 51100 and replaying the authentication information, or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser.

Recommendations

For Novell iChain versions 2.2 through 2.3 SP3, consider restricting access to TCP port 51100 to minimize the risk of session hijacking, and implement secure cookie handling practices to prevent replay of the PCZQX02 authentication cookie.


Related Identifiers

CVE-2005-0744

Affected Products

Novell iChain