Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-02-02T05:00:00

Updated: 2024-08-08T04:37:06.908Z

Reserved: 2002-01-31T00:00:00

Link: CVE-2001-0972

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2001-08-31T04:00:00.000

Modified: 2024-11-20T23:36:34.050

Link: CVE-2001-0972

cve-icon Redhat

No data.