Exploitation Summary
EIP tracks 1 public exploit for CVE-2002-0236. PoCs published by Mark Cooper.
AI-analyzed exploit summary This exploit leverages a flawed cookie-based authentication mechanism in VitalNet, allowing an attacker to bypass authentication by guessing a valid username. The exploit involves sending a crafted HTTP request to set a cookie with the guessed username, granting unauthorized access.
Description
Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.
Exploits (1)
This exploit leverages a flawed cookie-based authentication mechanism in VitalNet, allowing an attacker to bypass authentication by guessing a valid username. The exploit involves sending a crafted HTTP request to set a cookie with the guessed username, granting unauthorized access.