Easily Guessable Cookies in Surf-Net ASP Forum before 2.30 Allow Remote Administrative Privilege Escalation

CVE-2001-0972 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
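
The flaw class described above, next to its fix, as an added example (not Surf-Net code): a cookie that is a pure function of the UserID beside a random token resolved through a server-side table. `weak_cookie` is a constructed stand-in and not the forum's actual derivation, which this advisory does not give; `SessionStore` and `is_deterministic` are hypothetical names.

```python
import secrets
from typing import Callable, Dict, Optional


def weak_cookie(user_id: int) -> str:
    # Constructed stand-in for the flaw class: the value depends only on the
    # UserID, so anyone who learns the scheme can compute any user's cookie.
    # This is NOT the forum's real algorithm.
    return f"{user_id:07d}"


class SessionStore:
    """Server-side sessions keyed by unpredictable random tokens."""

    def __init__(self) -> None:
        self._sessions: Dict[str, int] = {}

    def issue(self, user_id: int) -> str:
        # 32 bytes from the OS CSPRNG; the token encodes nothing about user_id.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user_id
        return token

    def resolve(self, cookie_value: str) -> Optional[int]:
        # Identity comes only from the server-side table, never from
        # decoding or recomputing the cookie value itself.
        return self._sessions.get(cookie_value)

    def revoke(self, token: str) -> None:
        # Logout or privilege change: drop the mapping so the token is dead.
        self._sessions.pop(token, None)


def is_deterministic(issue: Callable[[int], str], user_id: int,
                     rounds: int = 5) -> bool:
    # Regression check for a test suite: if issuing a cookie for the same
    # account always yields the same value, the cookie is derivable from the
    # account identifier and should be treated as guessable.
    return len({issue(user_id) for _ in range(rounds)}) == 1


if __name__ == "__main__":
    store = SessionStore()
    print("weak scheme deterministic:", is_deterministic(weak_cookie, 1))
    print("random tokens deterministic:", is_deterministic(store.issue, 1))
    print("computed value accepted:", store.resolve(weak_cookie(1)) is not None)
```
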