header-logo
Suggest Exploit
vendor:
VitalNet
by:
SecurityFocus
7,5
CVSS
HIGH
Cookie-based Authentication Flaw
287
CWE
Product Name: VitalNet
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001

Cookie-based Authentication Flaw in VitalNet

VitalNet, part of Lucent's VitalSuite SP product family, contains a flaw in its cookie-based authentication mechanism. An attacker who successfully guesses a correct username can gain access to the server without need of a valid password. This is done by sending a specially crafted HTTP request to the server, such as http://<serverip>/cgi-bin/VsSetCookie.exe?vsuser=<user_name>.

Mitigation:

Lucent has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3784/info

VitalNet is part of Lucent's VitalSuite SP product family. VitalNet allows users to monitor, analyze, manage and predict the performance of their network infrastructure.

The implementation of VitalNet's cookie-based authentication mechanism is flawed. An attacker who successfully guesses a correct username can gain access to the server without need of a valid password. 

http://<serverip>/cgi-bin/VsSetCookie.exe?vsuser=<user_name>

Navigation

Suggest Exploit

Services By CQR