CVE-2015-8368

ntopng < 2.0.151021 - Authenticated Privilege Escalation via User Cookie and Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8368. PoCs published by Dolev Farhi.

AI-analyzed exploit summary: This exploit describes a privilege escalation vulnerability in ntop-ng <= 2.0.151021, where an attacker can reset the admin password by intercepting and modifying HTTP parameters during a password change request.

Description

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.

Exploits (1)

exploitdb WRITEUP
by Dolev Farhi · text · webapps · multiple
https://www.exploit-db.com/exploits/38836

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ntop-ng <= 2.0.151021
Auth required
Prerequisites: Access to an unprivileged account · Ability to intercept and modify HTTP requests
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Dec/10
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38836/

Scores

EPSS 0.0539
EPSS Percentile 91.6%

Details

CWE: CWE-254
Status: published
Products (1): ntop/ntopng < 2.0.151021
Published: Dec 17, 2015
Tracked Since: Feb 18, 2026