CVE-2021-29012
N/A
N/A
Summary
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://sourceforge.net/projects/radiusmanager/
- https://github.com/1d8/publications/tree/main/cve-2021-29012
- http://packetstormsecurity.com/files/164154/DMA-Softlab-Radius-Manager-4.4.0-Session-Management-Cross-Site-Scripting.html
References
- https://sourceforge.net/projects/radiusmanager/
- https://github.com/1d8/publications/tree/main/cve-2021-29012
- http://packetstormsecurity.com/files/164154/DMA-Softlab-Radius-Manager-4.4.0-Session-Management-Cross-Site-Scripting.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.