Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCertccCVELIST:CVE-2018-5385
HistoryJul 24, 2018 - 3:00 p.m.

CVE-2018-5385 Navarino Infinity web interface up to version 2.2 is prone to session fixation attacks

2018-07-2415:00:00
CWE-384
certcc
www.cve.org
6

AI Score

9.1

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some installations.

CNA Affected

[
  {
    "product": "Infinity",
    "vendor": "Navarino",
    "versions": [
      {
        "lessThan": "2.2",
        "status": "affected",
        "version": "2.2",
        "versionType": "custom"
      }
    ]
  }
]

Related

cve 1
prion 1
nvd 1
cert 1
cve
cve
CVE-2018-5385
2018-07-24 15:29:01
prion
prion
Session fixation
2018-07-24 15:29:00
nvd
nvd
CVE-2018-5385
2018-07-24 15:29:01
cert
cert
Navarino Infinity web interface is affected by multiple vulnerabilities.
2018-03-27 00:00:00

AI Score

9.1

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON
Related for CVELIST:CVE-2018-5385
cve1prion1nvd1cert1