User Enumeration and Session Cookie Exposure in Halvotec RaQuest 10.23.10801.0

User Enumeration and Session Cookie Exposure in Halvotec RaQuest 10.23.10801.0

CVE-2019-19611 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1

Learn more about our Web App Pen Testing.