Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ntopng 安全漏洞
Vulnerability Description
ntopng(又名ntop)是意大利ntop公司的一套新一代跨平台基于Web的网络流量分析和监控的工具。该工具支持自动从网络中识别有用的信息、将截获的数据包转换成易于识别的格式和对网络环境中通信失败的情况进行分析等。 ntopng 3.4.180617之前的3.4版本中存在安全漏洞。攻击者可通过预知运行该服务的主机所使用的操作系统和标准库利用该漏洞劫持用户会话,提升访问权限。
CVSS Information
N/A
Vulnerability Type
N/A