CVE-2010-5067

Name of the Vulnerable Software and Affected Versions Virtual War (aka VWar) version 1.6.1 R2

Description The issue allows remote attackers to bypass timeout and logout actions, retaining access for a long period. This is possible because the software uses static session cookies that depend only on a user's password. By leveraging knowledge of a session cookie, attackers can exploit this.

Recommendations For Virtual War (aka VWar) version 1.6.1 R2, consider implementing dynamic session cookies that incorporate additional factors beyond just the user's password to prevent attackers from bypassing timeout and logout actions. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.