发布时间 :2001-08-31 00:00:00
修订时间 :2016-10-17 22:13:59

[原文]Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."

[CNNVD]Surf-Net ASP Forum可预测Cookie ID漏洞(CNNVD-200108-186)

        Surf-Net ASP Forum 2.30之前版本使用基于UserID的易可猜测的cookies。远程攻击者通过计算管理cookie值(UserID 1)也就是"0888888"提升管理特权。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20010820 security problem in surf-net ASP Discussion Forum < 2.30
(UNKNOWN)  XF  surfnet-asp-cookie-seq-predictable(7011)

- 漏洞信息

Surf-Net ASP Forum可预测Cookie ID漏洞
危急 设计错误
2001-08-31 00:00:00 2005-10-20 00:00:00
        Surf-Net ASP Forum 2.30之前版本使用基于UserID的易可猜测的cookies。远程攻击者通过计算管理cookie值(UserID 1)也就是"0888888"提升管理特权。

- 公告与补丁

        The vendor has repaired this issue in versions 2.30 and later.

- 漏洞信息

Surf-Net ASP Forum Predictable Cookie Weakness

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-08-20 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Surf-Net ASP Forum Predictable Cookie ID Vulnerability
Design Error 3210
Yes No
2001-08-20 12:00:00 2009-07-11 07:56:00
This vulnerability was submitted to BugTraq by Mark Lastdrager <> on August 20th, 2001.

- 受影响的程序版本

Surf-Net ASP Forum 2.20
Surf-Net ASP Forum 2.30

- 不受影响的程序版本

Surf-Net ASP Forum 2.30

- 漏洞讨论

Surf-Net ASP Forum is a free, open-source web-based message board.

Versions earlier than 2.30 of Surf-Net ASP Forum will assign a predictable sequence number for cookies saved on the machine of the user(if they choose to rely upon cookie-based authentication). Instead of attempting to randomize the ID number assigned to cookies, ASP Forum uses a sequence number directly derived from the UserID of the forum user. This makes it possible for a malicious user to locally edit the saved cookie, substituting the appropriate adminstrative cookie ID number("0888888") for the one they were assigned.

- 漏洞利用

No exploit is required.

- 解决方案

The vendor has repaired this issue in versions 2.30 and later.

- 相关参考