Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ocPortal CMS 8.x Session Hijacking

🗓️ 19 Aug 2012 00:00:00Reported by Aung KhantType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 40 Views

ocPortal CMS 8.x Session Hijacking vulnerability in session ID generation allows compromise of admin session

Code
`1. OVERVIEW  
  
ocPoral CMS 8.x and lower versions are vulnerable to Session Hijacking  
flaw which could allow attackers to compromise administrator session.  
  
  
2. PRODUCT DESCRIPTION  
  
ocPortal is the website Content Management System (a CMS) for building  
and maintaining a dynamic website. ocPortal's powerful feature-set  
means there's always a way to accomplish your vision. Not only does  
ocPortal's CMS have all the features you'd expect: for instance photo  
galleries, news, file downloads and community forums/chats, but it  
does so whilst meeting the highest accessibility and professional  
standards. It is also smart enough to go beyond page management, to  
automatically handle search engine optimisation, and provide  
aggressive hack attack prevention.  
  
  
3. VULNERABILITY DESCRIPTION  
  
The ocPoral CMS generates 7-digit session IDs for logged-in users;  
thus it is possible to work out a valid session ID through brute  
forcing. Successful hijacking requires the "Enforce IP addresses for  
sessions" option be disabled. However, when a user's IP is highly  
dynamic, this option will likely to be disabled as it would invalidate  
logged-in sessions. In other way, if a user and an attacker happened  
to be within the same subnet, the attack would succeed regardless of  
the "Enforce IP" setting turning on.  
  
  
4. VERSIONS AFFECTED  
  
Tested on version 8.1.2  
  
  
5. PROOF-OF-CONCEPT/EXPLOIT  
  
sample session cookie: ocp_session=8711789  
  
  
6. SOLUTION  
  
No fix is available as of 2012-08-19.  
Workaround is to set enabled for the option, "Enforce IP addresses for  
sessions".  
  
  
7. VENDOR  
  
ocPortal Development Team  
http://www.ocportal.com/  
  
  
8. CREDIT  
  
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN  
Ethical Hacker Group, Myanmar.  
  
  
9. DISCLOSURE TIME-LINE  
  
2012-07-29: notified vendor, vendor did not plan to release fix  
because of default deployed workaround  
2012-08-19: vulnerability disclosed  
  
  
10. REFERENCES  
  
Original Advisory URL:  
http://yehg.net/lab/pr0js/advisories/2wire/%5Bocportal_8x%5D_session_hijacking_vulnerability  
  
  
#yehg [2012-08-19]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Aug 2012 00:00Current
0.2Low risk
Vulners AI Score0.2
ocportal cmssession hijackingadmin compromisevulnerabilitydynamic websiteip address enforcement
40