Vulnerabilities > CVE-2010-1507 - Credentials Management vulnerability in Novell Suse Linux 11

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

novell

CWE-255

NVD

Published: 2010-09-03

Updated: 2010-09-06

Summary

WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.

Vulnerable Configurations

Part	Description	Count
OS	Novell Novell Suse Linux 11	1
Hardware	Novell Novell Webyast Appliance *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://support.novell.com/security/cve/CVE-2010-1507.html
http://www.securityfocus.com/bid/42128
https://bugzilla.novell.com/show_bug.cgi?id=591345
https://bugzilla.novell.com/show_bug.cgi?id=598834