Skip to Main Content Area

Iomega StorCenter Pro Session Identifier Prediction Weakness

Iomega StorCentre Pro Network-Attached-Storage contains a flaw that may allow an unauthenticated user to bypass access control and gain access to the administrator account.

The issue is due to a flaw in the web application session id generation and can be easily brute forced. This flaw may lead to a loss of confidentiality and integrity.

OSI Security has released a Metasploit Module to exploit this vulnerability.

Phone: 1300 953 324 | Fax: 1300 956 840 | PO Box 101, Concord NSW 2137, (Sydney) Australia | info@osisecurity.com.au.
Copyright 2010 - 2012, OSI Security Pty Ltd. All rights reserved. ACN 144 579 751. Privacy policy.

Iomega StorCenter Pro Session Identifier Prediction Weakness

Request more information