Vulnerabilities > CVE-2001-0972 - Unspecified vulnerability in Surf-Net ASP Forum 2.20

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

surf-net

critical

NVD

Published: 2001-08-31

Updated: 2017-07-11

Summary

Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."

Vulnerable Configurations

Part	Description	Count
Application	Surf-Net Surf NET ASP Forum 2.20 Surf NET ASP Forum *	2

References

http://marc.info/?l=bugtraq&m=99834088223352&w=2
http://www.securityfocus.com/bid/3210
https://exchange.xforce.ibmcloud.com/vulnerabilities/7011