Session Hijacking Vulnerability in Novell eDirectory Web Service
CVE-2009-4655

Currently unrated

Key Information:

Vendor: Novell
Status: Edirectory
Vendor: CVE Published:; 26 February 2010

Summary

The dhost web service in Novell eDirectory 8.8.5 is susceptible to session hijacking due to the use of a predictable session cookie. This vulnerability allows attackers to exploit the session management mechanism, enabling them to impersonate legitimate users by modifying the session cookie. An attacker can remotely gain unauthorized access to user sessions, potentially leading to severe security breaches and unauthorized actions within the system.

References

http://www.metasploit.com/modules/auxiliary/admin/edirect...

x_refsource_MISC

http://osvdb.org/60035

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/56613

vdb-entryx_refsource_XF

EPSS Score

60% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 26, 2010
Vulnerability Reserved
Feb 26, 2010