Vendor: VitalSuite SP
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 287
Product Name: VitalSuite SP
Affected Version From: VitalNet 1.0
Affected Version To: VitalNet 1.0
Patch Exists: YES
Related CWE: CVE-2001-0753
CPE: a:lucent:vitalsuite_sp
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2001

Cookie-based Authentication Flaw

VitalNet, part of Lucent's VitalSuite SP product family, contains a flaw in its cookie-based authentication mechanism. An attacker who successfully guesses a correct username can gain access to the server without need of a valid password. This is done by sending a specially crafted HTTP request to the server, such as http://<serverip>/cgi-bin/VsSetCookie.exe?vsuser=<user_name>.

Mitigation:

Lucent has released a patch to address this vulnerability.
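
One way to look for this request in web-server access logs, as an added example that is not part of the original advisory or of Lucent's code: it flags clients that asked VsSetCookie.exe for more than one username, the pattern username guessing leaves behind. The Common Log Format, the sample lines, the case-insensitive path match and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (assumed; the advisory does
# not say which web server or log format VitalNet uses).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Jan/2002:10:01:02 +0000] "GET /cgi-bin/VsSetCookie.exe?vsuser=admin HTTP/1.0" 200 512
192.0.2.10 - - [05/Jan/2002:10:01:05 +0000] "GET /cgi-bin/VsSetCookie.exe?vsuser=operator HTTP/1.0" 200 512
192.0.2.10 - - [05/Jan/2002:10:01:09 +0000] "GET /cgi-bin/vssetcookie.exe?VSUSER=root HTTP/1.0" 200 498
198.51.100.7 - - [05/Jan/2002:10:02:00 +0000] "GET /cgi-bin/VsSetCookie.exe?vsuser=jsmith HTTP/1.0" 200 512
198.51.100.7 - - [05/Jan/2002:10:02:04 +0000] "GET /index.html HTTP/1.0" 200 2048
"""

# client, ident, user, [timestamp], "METHOD target protocol", status
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def vssetcookie_hits(log_text):
    """Yield (client_ip, username, status) for each VsSetCookie.exe request."""
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        # Assumption: the path is matched case-insensitively, so compare lowercased.
        if not url.path.lower().endswith("/vssetcookie.exe"):
            continue
        params = {k.lower(): v for k, v in parse_qs(url.query).items()}
        for user in params.get("vsuser", []):
            yield ip, user, int(status)

def suspicious_clients(log_text, max_users=1):
    """Return {ip: usernames} for clients that requested more than max_users accounts."""
    seen = defaultdict(set)
    for ip, user, _status in vssetcookie_hits(log_text):
        seen[ip].add(user.lower())
    return {ip: sorted(u) for ip, u in seen.items() if len(u) > max_users}

if __name__ == "__main__":
    for ip, users in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip} requested cookies for {len(users)} usernames: {', '.join(users)}")
```

Setting max_users=0 lists every client that touched the endpoint, which is useful when no direct requests to it are expected at all.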
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3784/info

VitalNet is part of Lucent's VitalSuite SP product family. VitalNet allows users to monitor, analyze, manage and predict the performance of their network infrastructure.

The implementation of VitalNet's cookie-based authentication mechanism is flawed. An attacker who successfully guesses a correct username can gain access to the server without need of a valid password. 

http://<serverip>/cgi-bin/VsSetCookie.exe?vsuser=<user_name>