PT-2023-7476 · Unknown · Osprey Pump Controller

Published: 2023-03-23 · Updated: 2023-04-05 · CVE-2023-28395

CVSS v2.0: 9.7 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:P
Name of the Vulnerable Software and Affected Versions: Osprey Pump Controller version 1.01

Description: The issue is related to a weak session token generation algorithm that can be predicted, potentially allowing an attacker to hijack a session by predicting the session id and gain unauthorized access to the product. This is due to insufficient entropy in the session token generation. The vulnerability may be exploited by a remote attacker to gain unauthorized access to the device.

Recommendations: For Osprey Pump Controller version 1.01, consider implementing additional security measures to protect against session hijacking, such as enhancing the session token generation algorithm to increase entropy and make it more difficult to predict. As a temporary workaround, restrict access to sensitive areas of the product to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

BDU:2023-08520
CVE-2023-28395

Affected Products

Osprey Pump Controller