PT-2008-5095 · System Consultants+1 · La!Cooda Wiz+1
Published
2008-08-27
·
Updated
2017-08-08
·
CVE-2008-3736
CVSS v2.0
6.0
Medium
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
System Consultants La!Cooda WIZ versions 1.4.0 and earlier
SpaceTag LacoodaST versions 2.1.3 and earlier
Description
The issue allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords or configurations due to multiple cross-site request forgery (CSRF) vulnerabilities.
Recommendations
For System Consultants La!Cooda WIZ versions 1.4.0 and earlier, update to a version later than 1.4.0 to resolve the issue.
For SpaceTag LacoodaST versions 2.1.3 and earlier, update to a version later than 2.1.3 to resolve the issue.
As a temporary workaround, consider restricting access to the password change and configuration change features until a patch is available.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
La!Cooda Wiz
Lacoodast