An issue exists on Alcatel-Lucent OmniVista 4760 devices and on 8770 devices prior to 4.1.2. An incorrect web server configuration allows a remote unauthenticated malicious user to retrieve the content of their own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.
Vulnerable Product |
---|
al-enterprise omnivista 4760 |
al-enterprise omnivista 8770 |
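
A defender-side check for the exposure described above, as an added example that is not part of the original advisory or the vendor's tooling: it scans web server access logs for requests to /sessions/sess_<sessionid> and reports which clients were actually served a file. The Apache combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (an assumption; the
# page does not say which log format the product's web server writes).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2019:10:01:02 +0000] "GET /sessions/sess_0123456789abcdef0123456789 HTTP/1.1" 200 412 "-" "curl/7.58.0"
198.51.100.7 - - [12/Mar/2019:10:01:05 +0000] "GET /sessions/sess_ffffffffffffffffffffffffff HTTP/1.1" 404 209 "-" "curl/7.58.0"
203.0.113.20 - - [12/Mar/2019:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [12/Mar/2019:10:02:40 +0000] "GET /sessions/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2019:10:05:00 +0000] "GET /Sessions/sess_aa11bb22cc33dd44ee55ff66aa?x=1 HTTP/1.1" 200 398 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Path from the advisory: /sessions/sess_<sessionid>. Matched case-insensitively
# as a precaution; query string and fragment are excluded from the match.
SESSION_RE = re.compile(r'^/sessions/sess_[^/?#]+', re.IGNORECASE)


def find_session_file_reads(log_text):
    """Return {client_ip: [(timestamp, path, served)]} for session-file requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        path = SESSION_RE.match(m["target"])
        if not path:
            continue  # request did not target a session file
        size = 0 if m["size"] == "-" else int(m["size"])
        # "served" means the server answered 2xx with a non-empty body.
        served = m["status"].startswith("2") and size > 0
        hits[m["ip"]].append((m["ts"], path.group(0), served))
    return dict(hits)


def exposed_clients(log_text):
    """Clients that actually received session-file content."""
    return sorted(ip for ip, rows in find_session_file_reads(log_text).items()
                  if any(served for _, _, served in rows))


if __name__ == "__main__":
    for ip, rows in find_session_file_reads(SAMPLE_LOG).items():
        for ts, path, served in rows:
            print(f"{'SERVED' if served else 'denied'} {ip} {ts} {path}")
```

Any client reported by `exposed_clients` received a session file, so the LDAP credentials that file contained should be treated as disclosed.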