PT-2020-20667 · Blab! · Blab! Ws Pro+3
Gavin Loughridge · Published 2020-02-28 · Updated 2020-03-04 · CVE-2020-9449
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BlaB! AX version 19.11
BlaB! AX Pro version 19.11
BlaB! WS (client) version 19.11
BlaB! WS Pro (client) version 19.11
Description
An insecure random number generation issue allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
Recommendations
For BlaB! AX version 19.11, update to a version that addresses the insecure random number generation issue.
For BlaB! AX Pro version 19.11, update to a version that addresses the insecure random number generation issue.
For BlaB! WS (client) version 19.11, update to a version that addresses the insecure random number generation issue.
For BlaB! WS Pro (client) version 19.11, update to a version that addresses the insecure random number generation issue.
Fix
Use of Insufficiently Random Values
Weakness Enumeration
Related Identifiers
Affected Products
Blab! Ax
Blab! Ax Pro
Blab! Ws
Blab! Ws Pro