Description
The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser.
References (4)
Core 4
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14527
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013406
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19646
Patch x_refsource_confirm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096885.htm
Scores
EPSS
0.0028
EPSS Percentile
51.3%
Details
Status
published
Products (2)
novell/ichain
2.2
novell/ichain
2.3
Published
May 02, 2005
Tracked Since
Feb 18, 2026