Authored by Andreas Fyhn Andersen, Mark Staal Steenberg, Oliver Lind Nordestgaard, Gionathan Armando Reale, Bilal El Ghoul

Reprise License Manager version 14.2 suffers from an unauthenticated session hijacking vulnerability via brute forcing.

advisories | CVE-2021-44151


# Product: Reprise License Manager 14.2
# Vendor: Reprise Software 
# CVE ID: CVE-2021-44151
# Vulnerability Title: Unauthenticated Session Hijacking
# Severity: Medium/High   
# Author(s): Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard   
# Date: 2021-11-25
#############################################################
Introduction:
As the session cookies are short and simple, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g.,/goforms/menu) and saving the name of the cookie sent with the response.
The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit.

Vulnerability:
Due to the session cookies being rather simple and predictable, a single session, can be brute forced in less than 3 minutes, on a laptop, and can therefore be considered very insecure.

Recommendation:
It is recommended to follow industry standards and use secure randomized complex session cookies which expire when not in use or the user de-authenticates.


RELATED ARTICLESMORE FROM AUTHOR