PT-2009-2327 · Absolute · Absolute Banner Manager .Net

Hakxer

Published

2009-07-14

Updated

2017-09-29

CVE-2008-6858

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Absolute Banner Manager .NET version 4.0

Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value, specifically the cookie variable. This enables unauthorized access to administrative functions.

Recommendations: For Absolute Banner Manager .NET version 4.0, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the vulnerable authentication mechanism and instead implement an alternative authentication method to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2008-6858

Affected Products

Absolute Banner Manager .Net

PT-2009-2327 · Absolute · Absolute Banner Manager .Net

CVE-2008-6858

Weakness Enumeration

Related Identifiers

Affected Products

References · 5