DATABASE RESOURCES PRICING ABOUT US

{"id": "1337DAY-ID-37110", "vendorId": null, "type": "zdt", "bulletinFamily": "exploit", "title": "Reprise License Manager 14.2 Session Hijacking Vulnerability", "description": "", "published": "2021-12-08T00:00:00", "modified": "2021-12-08T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://0day.today/exploit/description/37110", "reporter": "Andreas Fyhn Andersen", "references": [], "cvelist": ["CVE-2021-44151"], "immutableFields": [], "lastseen": "2021-12-16T09:59:10", "viewCount": 199, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-44151"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:165191"]}], "rev": 4}, "score": {"value": 6.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-44151"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:165191"]}]}, "exploitation": null, "vulnersScore": 6.2}, "sourceHref": "https://0day.today/exploit/37110", "sourceData": "# Product: Reprise License Manager 14.2\n# Vendor: Reprise Software \n# CVE ID: CVE-2021-44151\n# Vulnerability Title: Unauthenticated Session Hijacking\n# Severity: Medium/High \n# Author(s): Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard \n#############################################################\nIntroduction:\nAs the session cookies are short and simple, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g.,/goforms/menu) and saving the name of the cookie sent with the response.\nThe attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit.\n\nVulnerability:\nDue to the session cookies being rather simple and predictable, a single session, can be brute forced in less than 3 minutes, on a laptop, and can therefore be considered very insecure.\n\nRecommendation:\nIt is recommended to follow industry standards and use secure randomized complex session cookies which expire when not in use or the user de-authenticates.\n", "category": "web applications", "verified": true, "_state": {"dependencies": 1646261982}}

{"cve": [{"lastseen": "2022-03-23T19:48:55", "description": "An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-12-13T04:15:00", "type": "cve", "title": "CVE-2021-44151", "cwe": ["CWE-384"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-44151"], "modified": "2021-12-15T15:28:00", "cpe": ["cpe:/a:reprisesoftware:reprise_license_manager:14.2"], "id": "CVE-2021-44151", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44151", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2021-12-08T16:06:28", "description": "", "cvss3": {}, "published": "2021-12-08T00:00:00", "type": "packetstorm", "title": "Reprise License Manager 14.2 Session Hijacking", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-44151"], "modified": "2021-12-08T00:00:00", "id": "PACKETSTORM:165191", "href": "https://packetstormsecurity.com/files/165191/Reprise-License-Manager-14.2-Session-Hijacking.html", "sourceData": "` \n# Product: Reprise License Manager 14.2 \n# Vendor: Reprise Software \n# CVE ID: CVE-2021-44151 \n# Vulnerability Title: Unauthenticated Session Hijacking \n# Severity: Medium/High \n# Author(s): Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard \n# Date: 2021-11-25 \n############################################################# \nIntroduction: \nAs the session cookies are short and simple, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g.,/goforms/menu) and saving the name of the cookie sent with the response. \nThe attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit. \n \nVulnerability: \nDue to the session cookies being rather simple and predictable, a single session, can be brute forced in less than 3 minutes, on a laptop, and can therefore be considered very insecure. \n \nRecommendation: \nIt is recommended to follow industry standards and use secure randomized complex session cookies which expire when not in use or the user de-authenticates. \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/165191/rlm142-hijack.txt", "cvss": {"score": 0.0, "vector": "NONE"}}]}