Weak Session Token Generation Algorithm in Osprey Pump Controller Version 1.01 Allows Authentication and Authorization Bypass

CVE-2023-28395 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product.
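As a defensive illustration of the weakness class described above (an added example, not code from the vendor or the advisory), the sketch below issues session tokens from the OS CSPRNG and audits a sample of issued tokens for signs of predictability. The function names and the `WEAK_SAMPLE` values are constructed for this example and are assumptions; they do not represent the controller's actual token format or algorithm.

```python
import hmac
import math
import secrets


def issue_session_token(nbytes: int = 32) -> str:
    """Hardened issuer: nbytes of OS CSPRNG output, base64url encoded."""
    return secrets.token_urlsafe(nbytes)


def tokens_match(presented: str, stored: str) -> bool:
    """Constant-time comparison so validation does not leak matching prefixes."""
    return hmac.compare_digest(presented.encode(), stored.encode())


def audit_tokens(tokens: list[str], min_bits: int = 128) -> list[str]:
    """Return findings for tokens collected in issue order from one server."""
    findings: list[str] = []
    if not tokens:
        return findings
    if len(set(tokens)) < len(tokens):
        findings.append("duplicate tokens issued")
    # Purely numeric, non-decreasing tokens suggest a counter or clock source.
    if all(t.isdigit() for t in tokens):
        values = [int(t) for t in tokens]
        if all(b >= a for a, b in zip(values, values[1:])):
            findings.append("numeric and non-decreasing")
    # Upper bound on entropy: shortest length x log2(observed alphabet size).
    alphabet = set("".join(tokens))
    max_bits = min(len(t) for t in tokens) * math.log2(max(len(alphabet), 1))
    if max_bits < min_bits:
        findings.append(f"at most {max_bits:.0f} bits per token")
    return findings


# Constructed sample: tokens that look like consecutive clock readings.
WEAK_SAMPLE = ["1678886400", "1678886401", "1678886403"]

if __name__ == "__main__":
    print("weak sample:", audit_tokens(WEAK_SAMPLE))
    print("csprng sample:", audit_tokens([issue_session_token() for _ in range(50)]))
```

The audit is a coarse upper-bound check for triage: passing it does not prove a generator is unpredictable, only that none of these obvious patterns is present.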
