Vulnerabilities > CVE-2005-0744 - Remote Security vulnerability in iChain Server

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

novell

critical

NVD

Published: 2005-05-02

Updated: 2017-07-11

Summary

The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser.

Vulnerable Configurations

Part	Description	Count
Application	Novell Novell Ichain 2.2 Novell Ichain 2.3	2

References

http://secunia.com/advisories/14527
http://securitytracker.com/id?1013406
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096885.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/19646