Posted by RedTeam Pentesting GmbH on Jun 10

Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

During a penetration test, RedTeam Pentesting discovered a vulnerability
in the management web interface of an Alcatel-Lucent OmniSwitch 6450.
This interface uses easily guessable session IDs, which allows attackers
to authenticate as a currently logged-in user and perform administrative
tasks.

Details
=======

Product: Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400,…