Session Fixation Vulnerability in ZoneMinder by ZoneMinder Community
CVE-2016-10205

7.3HIGH

Key Information:

Vendor

Zoneminder

Status
Zoneminder
Vendor
CVE Published:
3 March 2017

What is CVE-2016-10205?

A session fixation vulnerability exists in ZoneMinder 1.30 and earlier, enabling remote attackers to hijack user web sessions by manipulating the ZMSESSID cookie. This flaw exposes users to potential unauthorized access and control over their web sessions, posing a significant security risk. Attackers can exploit this vulnerability to assume the identities of legitimate users, leading to unauthorized actions within the application.

References

http://www.openwall.com/lists/oss-security/2017/02/05/1
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/97116
vdb-entryx_refsource_BID
https://www.foxmole.com/advisories/foxmole-2016-07-05.txt
x_refsource_MISC

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-10205 : Session Fixation Vulnerability in ZoneMinder by ZoneMinder Community