Aipo Session Fixation Vulnerability
BID:25843
Info
| Bugtraq ID: | 25843 |
| Class: | Design Error |
| CVE: | CVE-2007-5154 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 28 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Ishikawa Hiroshi is credited with the discovery of this vulnerability. |
| Vulnerable: | Aimluck Aipo-Asp 3.0.1.0; Aimluck Aipo 3.0.1.0 |
| Not Vulnerable: | Aimluck Aipo-Asp 3.2 4; Aimluck Aipo 3.2 4 |
Discussion
Aipo is prone to a session-fixation vulnerability because of a design error in the application.
When an unsuspecting victim logs in, an attacker can hijack the session and gain unauthorized access to the affected application.
This issue affects Aipo and Aipo ASP 3.0.1.0 and prior versions; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to follow a malicious URI. The attacker can then use a browser to gain unauthorized access to a vulnerable application.
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
References:
- AIPO Homepage (Aimluck)
- AIPO Update Homepage (Aimluck)
- JVN#70075625 (JVN)