Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Predictable Session ID
Vulnerability Description
The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed.
CVSS Information
N/A
Vulnerability Type
可预测问题
Vulnerability Title
Rittal IoT Interface & CMC III Processing Unit 安全漏洞
Vulnerability Description
Rittal IoT Interface & CMC III Processing Unit是德国Rittal公司的一个用于监控物理环境条件的传感器智能联网的关键组件。 Rittal IoT Interface & CMC III Processing Unit 6.21.00.2之前版本存在安全漏洞,该漏洞源于会话 ID 生成算法的熵不足,导致会话 ID 是可预测的,致使设备容易受到会话劫持。
CVSS Information
N/A
Vulnerability Type
N/A