Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Moderate

Nuuo Central Management Server Session Bruteforce

Disclosure Date: October 12, 2018 (last updated October 13, 2020)
Nuuo Central Management Server v3.1 and prior use an 8 digit session cookie that could be bruteforced. The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.
0