Vulnerabilities > CVE-2013-7436 - Cryptographic Issues vulnerability in Kanaka Novnc 0.4

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE

Summary

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

Vulnerable Configurations

Part Description Count
Application
Kanaka
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Redhat

advisories
  • rhsa
    idRHSA-2015:0788
  • rhsa
    idRHSA-2015:0833
  • rhsa
    idRHSA-2015:0834
  • rhsa
    idRHSA-2015:0884
rpms
  • novnc-0:0.5.1-2.el7ost
  • novnc-0:0.5.1-2.el6ost
  • novnc-0:0.5.1-2.el7ost
  • novnc-0:0.5.1-2.el6ost