CVE-2010-5067

EUVD-2010-5031
Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
vwarvirtual_war
1.6.1:r2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dmcdonald.net/vwar.txt
http://seclists.org/fulldisclosure/2010/Aug/235
http://dmcdonald.net/vwar.txt
http://seclists.org/fulldisclosure/2010/Aug/235