Summary
aMSN is installed on this host and is prone to a session hijacking vulnerability.
Impact
Successful exploitation lets attackers hijack a session by visiting an unattended workstation.
Impact Level: Application
Solution
Upgrade to aMSN version 0.97.1.
For updates, refer to http://sourceforge.net/projects/amsn/files/
Insight
The flaw is due to an error in 'login_screen.tcl', which saves a password after logout, allowing attackers to hijack a session.
Affected
aMSN versions prior to 0.97.1
References
Severity
Classification
CVE: CVE-2008-7255
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
- Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Linux)
- Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)