The RightFax web client uses predictable session numbers, which allows remote malicious users to hijack user sessions.
avt rightfax 5.2