Surf-Net ASP Forum Predictable Cookie ID Vulnerability

Surf-Net ASP Forum is a free, open-source web-based message board.

Versions of Surf-Net ASP Forum earlier than 2.30 assign a predictable sequence number to the cookie saved on the user's machine (if the user chooses to rely on cookie-based authentication). Instead of attempting to randomize the ID number assigned to cookies, ASP Forum uses a sequence number derived directly from the forum user's UserID. This makes it possible for a malicious user to locally edit the saved cookie, substituting the appropriate administrative cookie ID number ("0888888") for the one they were assigned.
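The following Python example is added here to illustrate the defect and its fix; it is not code from Surf-Net ASP Forum. The exact formula the forum used to derive the cookie from the UserID is not given in the advisory, so `weak_cookie_for` uses a constructed stand-in (a zero-padded UserID) that shares the property that matters: the cookie value is a deterministic function of a low-entropy identifier, so it can be produced without ever logging in. `SessionStore` shows the hardened pattern: an opaque random token in the cookie, with the token-to-user mapping kept only on the server.

```python
import hmac
import secrets
from typing import Dict, Optional


# --- Weak scheme (constructed illustration of the pre-2.30 behaviour) -------

def weak_cookie_for(user_id: int) -> str:
    """Cookie derived directly from the UserID (assumed zero-padded form).

    Because the mapping is deterministic and the input space is tiny,
    the cookie carries no secret at all.
    """
    return f"{user_id:07d}"


def weak_resolve(cookie: str) -> Optional[int]:
    """The server trusts whatever number is in the cookie as the UserID."""
    return int(cookie) if cookie.isdigit() else None


def weak_is_guessable(user_id: int) -> bool:
    """True when the cookie can be reproduced from the UserID alone."""
    return weak_resolve(weak_cookie_for(user_id)) == user_id


# --- Hardened scheme ---------------------------------------------------------

class SessionStore:
    """Server-side session table keyed by an unguessable random token.

    The cookie holds only the token; the UserID never leaves the server,
    and a token can be revoked (logout, password change) at any time.
    """

    TOKEN_BYTES = 32  # 256 bits of entropy from the OS CSPRNG

    def __init__(self) -> None:
        self._sessions: Dict[str, int] = {}

    def issue(self, user_id: int) -> str:
        token = secrets.token_urlsafe(self.TOKEN_BYTES)
        self._sessions[token] = user_id
        return token

    def resolve(self, cookie: str) -> Optional[int]:
        # Constant-time comparison so a lookup cannot leak token prefixes.
        for token, uid in self._sessions.items():
            if hmac.compare_digest(token, cookie):
                return uid
        return None

    def revoke(self, cookie: str) -> bool:
        return self._sessions.pop(cookie, None) is not None


if __name__ == "__main__":
    store = SessionStore()
    admin_cookie = store.issue(1)
    print("weak cookie for UserID 1:", weak_cookie_for(1))
    print("random token resolves to:", store.resolve(admin_cookie))
    print("forged zero-padded id resolves to:", store.resolve("0000001"))
```

The key difference is where the secret lives: in the weak scheme the cookie *is* the identity, so editing it is enough; in the hardened scheme the cookie is a 256-bit random handle that is meaningless without the server's table, and presenting any value not issued by the server resolves to nobody.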


 

Copyright 2010, SecurityFocus