For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2024-08-05T07:17:50.641Z

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9080

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-09-28T20:29:01.313

Modified: 2024-11-21T04:14:56.077

Link: CVE-2018-9080

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.