Vulnerabilities > CVE-2002-0522 - Authentication Credentials User Account Compromise vulnerability in ASP-Nuke Plaintext Cookie

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
asp-nuke

Summary

ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie.

Vulnerable Configurations

Part Description Count
Application
Asp-Nuke
2

Seebug

bulletinFamilyexploit
descriptionBugCVE: CAN-2002-0522 BUGTRAQ: 4484 ASP-Nuke中Cookie存在设计问题,可导致攻击者以任意用户访问应用系统。 ASP-Nuke使用Cookie进行认证,当用户使用Cookie时,Cookie以非加密形式存储在本地系统上,攻击者可以通过修改Cookie信息,导致以任意用户权限访问ASP-Nuke系统,包括以管理员帐户权限访问。 ASP-Nuke RC1-RC2 厂商补丁: ASP-Nuke -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.asp-nuke.com/downloads.asp
idSSV:19611
last seen2017-11-19
modified2005-08-12
published2005-08-12
reporterRoot
titleASP-Nuke RC1-RC2 明文Cookie认证信息导致任意访问漏洞