Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2020-283332

Vulnerability Summary

The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.

Exploits

Exploit DB: Barco wePresent Authentication Bypass
The Barco wePresent WiPG-1600W version 2518 web interface does not use session cookies for tracking authenticated sessions Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests Thus the "SEID" would be exposed in web proxy logs and browser history An attacker that is able to capture the "SEID" and ...

References

https://packetstormsecurity.com/files/160161/Barco-wePresent-Authentication-Bypass.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook