Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vitalanalysis | Lucent | 8.0 (including) | 8.0 (including) |
| Vitalanalysis | Lucent | 8.1 (including) | 8.1 (including) |
| Vitalanalysis | Lucent | 8.2 (including) | 8.2 (including) |
| Vitalevent | Lucent | 8.0 (including) | 8.0 (including) |
| Vitalevent | Lucent | 8.1 (including) | 8.1 (including) |
| Vitalevent | Lucent | 8.2 (including) | 8.2 (including) |
| Vitalhelp | Lucent | 8.0 (including) | 8.0 (including) |
| Vitalhelp | Lucent | 8.1 (including) | 8.1 (including) |
| Vitalhelp | Lucent | 8.2 (including) | 8.2 (including) |
| Vitalnet | Lucent | 8.0 (including) | 8.0 (including) |
| Vitalnet | Lucent | 8.1 (including) | 8.1 (including) |
| Vitalnet | Lucent | 8.2 (including) | 8.2 (including) |
| Vitalsuite | Lucent | 8.0 (including) | 8.0 (including) |
| Vitalsuite | Lucent | 8.1 (including) | 8.1 (including) |
| Vitalsuite | Lucent | 8.2 (including) | 8.2 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=101294507827698\u0026w=2
- http://www.iss.net/security_center/static/7936.php
- http://www.securityfocus.com/bid/3784
- http://marc.info/?l=bugtraq\u0026m=101294507827698\u0026w=2
- http://www.iss.net/security_center/static/7936.php
- http://www.securityfocus.com/bid/3784