In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HVersa Networks Versa Operating System
OSVersa-Networks< 16.1r2s1120.2.0 – 20.2.2 (bez)21.1.0 – 21.1.1 (bez)
Powiązane podatności
In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access ...
In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting ...
In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash func...
Versa Concerto SD-WAN: Authentication Bypass w konfiguracji Traefik reverse proxy
In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on ...