6 matches found
SolarWinds Serv-U MFT Information Disclosure Vulnerability
SolarWinds Serv-U MFT is FTP server software from the U.S. company SolarWinds. A security vulnerability exists in SolarWinds Serv-U MFT versions prior to 15.1.6 HFv1. It stems from the program assigning low-entropy session tokens to authenticated users, and the program requesting the token...
Session fixation
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session...
CVE-2018-10240
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session...
CVE-2018-10240
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session...
CVE-2018-10240
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session...
CVE-2018-10240
SolarWinds Serv-U MFT before 15.1.6 HFv1 uses low-entropy session tokens assigned to authenticated users, which can be included as a URL parameter in lieu of a session cookie. An attacker can brute-force the token to obtain the corresponding session cookie and hijack the user’s session. Reported ...