Vulnerability: Unauthorized Access to Administrative LDAP Credentials in Alcatel-Lucent OmniVista 4760 and 8770 Devices

CVE-2019-20047 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of their own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.
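
A detection sketch for the exposure described above, added here and not part of the original advisory or any vendor material: it scans web access logs for requests to /sessions/sess_<sessionid> and marks clients that received a successful, non-empty response. The Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: the web server writes Common/Combined Log Format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Path from the advisory: /sessions/sess_<sessionid>. Case-insensitive matching
# is a conservative assumption.
SESSION_RE = re.compile(r'^/sessions/sess_[^/]+$', re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges, made-up session ids).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2020:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Jan/2020:10:02:11 +0000] "GET /sessions/sess_0123456789abcdef HTTP/1.1" 200 412',
    '198.51.100.7 - - [12/Jan/2020:10:02:15 +0000] "GET /sessions/./sess_0123456789abcdef?x=1 HTTP/1.1" 200 412',
    '203.0.113.5 - - [12/Jan/2020:10:05:40 +0000] "GET /sessions/sess_deadbeef HTTP/1.1" 403 199',
]

def session_file_path(target):
    """Return the normalised path if the request targets a session file, else None."""
    path = target.split("?", 1)[0].split("#", 1)[0]   # drop query and fragment
    path = unquote(path)                               # decode %xx escapes
    path = posixpath.normpath("/" + path.lstrip("/"))  # collapse //, ./ and ../
    return path if SESSION_RE.match(path) else None

def find_session_file_reads(lines):
    """Group session-file requests by client; 'exposed' means a 2xx reply with a body."""
    hits = defaultdict(lambda: {"requests": 0, "exposed": False, "paths": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = session_file_path(m["target"])
        if path is None:
            continue
        entry = hits[m["ip"]]
        entry["requests"] += 1
        entry["paths"].add(path)
        if m["status"].startswith("2") and m["size"] not in ("-", "0"):
            entry["exposed"] = True  # file content was actually served
    return dict(hits)

if __name__ == "__main__":
    for ip, info in find_session_file_reads(SAMPLE_LOG).items():
        print(ip, info["requests"], "EXPOSED" if info["exposed"] else "blocked")
```

Any client marked as exposed received session file content, so the administrative LDAP credentials should be treated as disclosed and rotated.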
