Vulnerabilities > CVE-2010-5067 - Credentials Management vulnerability in Vwar Virtual WAR 1.6.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |