Weak CGI Session ID Vulnerability in Dell EMC iDRAC

Weak CGI Session ID Vulnerability in Dell EMC iDRAC

CVE-2018-1243 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.

Learn more about our Web Application Penetration Testing UK.