PT-2010-1465 · Novell · Novell Edirectory
Hdm
·
Published
2010-02-26
·
Updated
2017-08-17
·
CVE-2009-4655
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Novell eDirectory version 8.8.5
Description
The issue concerns the dhost web service, which uses a predictable session cookie. This predictability makes it easier for remote attackers to hijack sessions by modifying the cookie.
Recommendations
For Novell eDirectory version 8.8.5, consider regenerating session cookies with a more secure, unpredictable algorithm to prevent session hijacking. As a temporary workaround, restrict access to the dhost web service to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Novell Edirectory