Vulnerabilities > CVE-2002-0522 - Unspecified vulnerability in Asp-Nuke Rc1/Rc2

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
asp-nuke
NVD
Published: 2002-08-12
Updated: 2024-11-20

Summary

ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie.

Vulnerable Configurations

Part Description Count
Application
Asp-Nuke
2

Seebug

bulletinFamilyexploit
descriptionBugCVE: CAN-2002-0522 BUGTRAQ: 4484 ASP-Nuke中Cookie存在设计问题,可导致攻击者以任意用户访问应用系统。 ASP-Nuke使用Cookie进行认证,当用户使用Cookie时,Cookie以非加密形式存储在本地系统上,攻击者可以通过修改Cookie信息,导致以任意用户权限访问ASP-Nuke系统,包括以管理员帐户权限访问。 ASP-Nuke RC1-RC2 厂商补丁: ASP-Nuke -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.asp-nuke.com/downloads.asp
idSSV:19611
last seen2017-11-19
modified2005-08-12
published2005-08-12
reporterRoot
titleASP-Nuke RC1-RC2 明文Cookie认证信息导致任意访问漏洞

References