Advisory Details

April 22nd, 2015

Novell Zenworks Rtrlet.class Session ID Disclosure Vulnerability

ZDI-15-149
ZDI-CAN-2579

CVE ID CVE-2015-0784
CVSS SCORE 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P
AFFECTED VENDORS Novell
AFFECTED PRODUCTS Zenworks
VULNERABILITY DETAILS


This vulnerability allows attackers to disclose Session ID's of logged in users on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability.

The specific flaw exists within Rtrlet.class. By sending a POST request with the maintenance variable set to "ShowLogins" the applet returns information about the logged in users. An attacker can leverage this to leak the Session ID's of the logged in users.
ADDITIONAL DETAILS Novell has issued an update to correct this vulnerability. More details can be found at:
https://www.novell.com/support/kb/doc.php?id=7016431
DISCLOSURE TIMELINE
  • 2015-01-15 - Vulnerability reported to vendor
  • 2015-04-22 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES