Insecure Account Creation in Slashcode 2.0 Allows Unauthorized Access via Brute Force Attack

Insecure Account Creation in Slashcode 2.0 Allows Unauthorized Access via Brute Force Attack

CVE-2001-1535 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.

Learn more about our User Device Pen Test.