Vulnerabilities > CVE-2015-0544 - Session Cookie Generation Weakness vulnerability in EMC Secure Remote Services 3.02/3.03/3.04
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value. <a href="https://cwe.mitre.org/data/definitions/331.html">CWE-331: Insufficient Entropy</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |