Insecure Random Number Generation Vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS, and BlaB! WS Pro (Version 19.11) Allows Privilege Escalation

CVE-2020-9449 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
