CVE-2018-5385

Sažetak

Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some installations.

Reference

https://www.kb.cert.org/vuls/id/184077
https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-Injection-Session-Fixation.html
http://www.securityfocus.com/bid/103544
https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-11-2023 - 02:58

Objavljeno

24-07-2018 - 15:29