CVE-2007-3420

CVE-2007-3420 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.

Learn more about our Web App Pen Testing.