Vulnerability Description
Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some installations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Navarino | Infinity | < 2.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103544Third Party AdvisoryVDB Entry
- https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3
- https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-InjectiExploitThird Party AdvisoryVDB Entry
- https://www.kb.cert.org/vuls/id/184077Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/103544Third Party AdvisoryVDB Entry
- https://medium.com/%40evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3
- https://packetstormsecurity.com/files/146506/Navarino-Infinity-Blind-SQL-InjectiExploitThird Party AdvisoryVDB Entry
- https://www.kb.cert.org/vuls/id/184077Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-5385?
CVE-2018-5385 is a vulnerability with a CVSS score of 8.8 (HIGH). Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could...
How severe is CVE-2018-5385?
CVE-2018-5385 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5385?
Check the references section above for vendor advisories and patch information. Affected products include: Navarino Infinity.