Summary
This host is installed with aMSN and is prone to session hijack vulnerability.
Impact
Successful exploitation will let attackers to hijack a session by visiting an unattended workstation.
Impact Level: Application
Solution
Upgrade to the aMSN version 0.97.1,
For updates refer to http://sourceforge.net/projects/amsn/files/
Insight
The flaw is due to the error in 'login_screen.tcl' which saves a password after logout which allows attackers to hijack a session.
Affected
aMSN vesrion prior to 0.97.1
References
Severity
Classification
-
CVE CVE-2008-7255 -
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities