CVE-2005-4266

2022-10-0316:22:45

mitre

www.cve.org

alt-n

mdaemon

worldclient

vulnerability

session parameter

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.7%

JSON

WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.

References

secunia.com/advisories/17990

www.ipomonis.com/advisories/mdaemon.zip