Predictable Session ID Vulnerability in Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net EAS Devices

Predictable Session ID Vulnerability in Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net EAS Devices

CVE-2013-4732 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding.

Learn more about our Web App Pen Testing.