Weak CGI Session ID Vulnerability in Dell EMC iDRAC
CVE-2018-1243 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.
Learn more about our Web Application Penetration Testing UK.