4 matches found
Ubuntu 16.04 ESM / 18.04 ESM : ntopng vulnerability (USN-4842-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4842-1 advisory. It was discovered that ntopng did not properly seed its random number generator, leading to predictable session tokens. An attacker could use this...
ntopng Network Analyzer Authentication Bypass (CVE-2018-12520)
An authentication bypass vulnerability exists in ntopng network analyzer. A remote attacker could exploit this flaw by sending specially crafted packets to the affected server. Successful exploitation of this vulnerability would allow a remote attacker to hijack a user's session and escalating...
CVE-2018-12520
ntopng is affected by CVE-2018-12520: in versions prior to 3.4.180617, the PRNG used to generate session IDs is not seeded at startup, leading to deterministic session IDs and enabling a remote attacker to hijack user sessions. Public advisories (Ubuntu USN-4842-1, OSV entries) confirm the vulner...
CVE-2018-12520
Removed by vendor...