Session Hijacking Vulnerability in Novell iChain Product
CVE-2005-0744

Currently unrated

Key Information:

Vendor: Novell
Status: Ichain
Vendor: CVE Published:; 2 May 2005

Summary

The web GUI of Novell iChain versions 2.2 and 2.3 SP2/SP3 is susceptible to session hijacking attacks. Attackers can exploit this vulnerability by monitoring the connection over TCP port 51100 to capture authentication credentials, or by retrieving and reusing the PCZQX02 authentication cookie stored in clients' browsers. This can lead to unauthorized access, allowing attackers to gain administrative privileges without proper authorization. Users of affected versions must ensure they implement necessary security measures to protect their web interactions.

References

http://secunia.com/advisories/14527

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1013406

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/19646

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Mar 13, 2005