Encore Discovery Solution 4.3 Open Redirect / Session Token In URL

2014.08.28
Credit: CAaNES
Risk: Low
Local: No
Remote: Yes

Product: Encore Discovery Solution Vendor: Innovative Interfaces Inc Vulnerable Version: 4.3 Tested Version: 4.3 Vendor Notification: June 19, 2014 Public Disclosure: August 26, 2014 Vulnerability Type: Open Redirect [CWE-601] CVE Reference: CVE-2014-5127 Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Discovered and Provided: CAaNES (Computational Analysis and Network Enterprise Solutions) Advisory Details: Open Redirect in Encore Discovery Solution: CVE-2014-5127 Using a maliciously crafted URL, an attacker is able to redirect users to an attacker-controlled parameter. References: [1] Innovative Interfaces Inc - http://www.iii.com/ [2] Encore Discovery Solution - http://www.iii.com/products/encore [3] Open Redirect - https://www.owasp.org/index.php/Open_redirect Product: Encore Discovery Solution Vendor: Innovative Interfaces Inc Vulnerable Version: 4.3 Tested Version: 4.3 Vendor Notification: June 19, 2014 Public Disclosure: August 26, 2014 Vulnerability Type: Session Token in URL [CWE-598] CVE Reference: CVE-2014-5128 Risk Level: Low CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Discovered and Provided: CAaNES (Computational Analysis and Network Enterprise Solutions) Advisory Details: Session Token in URL in Encore Discovery Solution: CVE-2014-5128 The application passes the session token within the application GET query parameters. This behavior is considered dangerous due to the potential for information leakage. References: [1] Innovative Interfaces Inc - http://www.iii.com/ [2] Encore Discovery Solution - http://www.iii.com/products/encore [3] Session Token in URL - http://www.acunetix.com/vulnerabilities/session-token-in-url/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top