Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/173609/RWS-WorldServer-11.7.3-Session-Token-Enumeration.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2023/Jul/30 | Exploit Mailing List Third Party Advisory |
https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-001/-session-token-enumeration-in-rws-worldserver | Third Party Advisory |
Configurations
History
04 Aug 2023, 18:43
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-331 | |
CPE | cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:* | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Jul/30 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/173609/RWS-WorldServer-11.7.3-Session-Token-Enumeration.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-001/-session-token-enumeration-in-rws-worldserver - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
01 Aug 2023, 15:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-01 15:15
Updated : 2024-02-05 00:01
NVD link : CVE-2023-38357
Mitre link : CVE-2023-38357
CVE.ORG link : CVE-2023-38357
JSON object : View
Products Affected
rws
- worldserver
CWE
CWE-331
Insufficient Entropy