CVE-2007-3420

Name of the Vulnerable Software and Affected Versions WebAPP versions prior to 0.9.9.7

Description The issue concerns the Random Cookie Password functionality in the loaduser function, specifically in the subs.pl file within the cgi-bin/cgi-lib directory of WebAPP. This functionality fails to clear certain cookies, including username, password, usertheme, and userlang, for unauthorized users. The impact and attack vectors of this issue are remote, but the specific effects are not detailed.

Recommendations For versions prior to 0.9.9.7, update to version 0.9.9.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the loaduser function in subs.pl to minimize the risk of exploitation. Additionally, clearing the username, password, usertheme, and userlang cookies for unauthorized users can help mitigate the risk until a patch is applied.