Static Session Cookies in Virtual War (VWar) 1.6.1 R2 Allow Remote Attackers to Bypass Timeout and Logout Actions

CVE-2010-5067 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.
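
The weakness described above, modeled next to a hardened session design. This is an added example, not VWar's code: the SHA-256 derivation, the class and function names, the 900-second lifetime and the sample password are all assumptions made for illustration.

```python
import hashlib
import secrets

def static_cookie(password: str) -> str:
    # Constructed model of the weakness: the cookie is a pure function of the
    # password (SHA-256 is an assumption; the advisory names no algorithm).
    return hashlib.sha256(password.encode()).hexdigest()

class StaticAuth:
    """Weak design: the server recomputes the cookie and keeps no session state."""
    def __init__(self, password: str):
        self.password = password
    def valid(self, cookie: str, now: float) -> bool:
        return secrets.compare_digest(cookie, static_cookie(self.password))
    def logout(self, cookie: str) -> None:
        pass  # nothing to revoke: the same value is accepted again

class SessionStore:
    """Hardened design: random per-login token, server-side expiry, revocable."""
    def __init__(self, ttl: float = 900.0):
        self.ttl = ttl
        self._expiry = {}  # sha256(token) -> absolute expiry time
    def _key(self, token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()
    def login(self, now: float) -> str:
        token = secrets.token_urlsafe(32)  # unrelated to the password
        self._expiry[self._key(token)] = now + self.ttl
        return token
    def valid(self, token: str, now: float) -> bool:
        exp = self._expiry.get(self._key(token))
        return exp is not None and now < exp
    def logout(self, token: str) -> None:
        self._expiry.pop(self._key(token), None)

def compare(password: str = "constructed-sample-password") -> dict:
    weak, strong = StaticAuth(password), SessionStore(ttl=900)
    c1, c2 = static_cookie(password), static_cookie(password)  # two logins
    t1, t2 = strong.login(now=0), strong.login(now=0)          # two logins
    weak.logout(c1)
    strong.logout(t1)
    return {
        "static_same_each_login": c1 == c2,
        "static_valid_after_logout": weak.valid(c1, now=10),
        "static_valid_after_timeout": weak.valid(c1, now=10**6),
        "random_same_each_login": t1 == t2,
        "random_valid_after_logout": strong.valid(t1, now=10),
        "random_valid_before_timeout": strong.valid(t2, now=10),
        "random_valid_after_timeout": strong.valid(t2, now=901),
    }
```

In the static model the only way to invalidate a cookie is to change the password, which is why logout and timeout have no effect on a cookie that has already been disclosed.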
