CVE Vulnerabilities

CVE-2001-0972

Published: Aug 31, 2001 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. 0888888.

Affected Software

Name Vendor Start Version End Version
Asp_forum Surf-net 2.20 2.20
Asp_forum Surf-net * 2.30

References