3 matches found
CVE-2018-9080
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...
CVE-2018-9080 Iomega and LenovoEMC NAS Web UI Vulnerabilities
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...
CVE-2018-9080
CVE-2018-9080 affects certain Iomega/LenovoEMC NAS devices (firmware 4.1.402.34662 and earlier). The vulnerability allows session compromise via session fixation: an authenticated user’s session cookie can be manipulated by setting a known Iomega cookie value, after which the device fails to issu...