Lucent 8.x - VitalNet Password Authentication Bypass
| EKU-ID: 26718 | CVE: CVE-2002-0236;OSVDB-4261 | OSVDB-ID: |
| Author: Mark Cooper | Published: 2002-01-16 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 26718 | CVE: CVE-2002-0236;OSVDB-4261 | OSVDB-ID: |
| Author: Mark Cooper | Published: 2002-01-16 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/3784/info VitalNet is part of Lucent's VitalSuite SP product family. VitalNet allows users to monitor, analyze, manage and predict the performance of their network infrastructure. The implementation of VitalNet's cookie-based authentication mechanism is flawed. An attacker who successfully guesses a correct username can gain access to the server without need of a valid password. http://<serverip>/cgi-bin/VsSetCookie.exe?vsuser=<user_name>