Automated Logic WebCTRL and Carrier i-Vu Session Fixation
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format which makes them subject to password reuse attacks by malicious users.This issue affects WebCTRL: from 6.0 through 9.0; i-Vu: from 6.0 through 9.0.
Automated Logic WebCTRL and Carrier i-Vu Session Fixation
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format which makes them subject to password reuse attacks by malicious users.This issue affects WebCTRL: from 6.0 through 9.0; i-Vu: from 6.0 through 9.0.
This vulnerability has been remediated in the latest patch for WebCTRL 8.0 and Carrier i-Vu and cumulative releases for both product versions 8.5 and above. Please be aware that WebCTRL and i-Vu versions 7.0, 6.5, and 6.1 are no longer supported. To safeguard against these vulnerabilities, upgrading to the latest WebCTRL and i-Vu software is strongly recommended.
Configurations
Workarounds
Exploits
Credits
reporter
Matthew Gregory (Verizon Network Security Red Team)
reporter
Jeffery Jackson (Verizon Network Security Red Team)
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format which makes them subject to password reuse attacks by malicious users.This issue affects WebCTRL: from 6.0 through 9.0; i-Vu: from 6.0 through 9.0.