| Vulnerability Name: | CVE-2018-12520 (CCN-145704) |
| Assigned: | 2018-07-02 |
| Published: | 2018-07-02 |
| Updated: | 2019-10-03 |
| Summary: | An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access. |
| CVSS v3 Severity: | 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H); 7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C); 5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C) |
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-335 |
| Vulnerability Consequences: | Bypass Security |
| References: | Source: MITRE, Type: CNA, CVE-2018-12520; Source: CCN, Type: Full-Disclosure Mailing List, Mon, 2 Jul 2018 18:48:40 +0100, ntop-ng < 3.4.180617 - Authentication bypass / session hijacking; Source: FULLDISC, Type: Mailing List, Third Party Advisory, 20180702 ntop-ng < 3.4.180617 - Authentication bypass / session hijacking; Source: XF, Type: UNKNOWN, ntopng-cve201812520-sec-bypass(145704); Source: MISC, Type: Third Party Advisory, https://gist.github.com/Psychotropos/3e8c047cada9b1fb716e6a014a428b7f; Source: CCN, Type: ntopng GIT Repository, Added code to randomize values returned by rand(); Source: CONFIRM, Type: Patch, Third Party Advisory, https://github.com/ntop/ntopng/commit/30610bda60cbfc058f90a1c0a17d0e8f4516221a; Source: CCN, Type: Packet Storm Security [07-02-2018], ntop-ng Authentication Bypass; Source: EXPLOIT-DB, Type: Exploit, Third Party Advisory, VDB Entry, 44973 |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |