Sign In
Advisories

VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation

Go Back
severity
high
date
Affecting

  • VestaCP 0.9.8-26

CWE
  • CWE-863 Incorrect Authorization
CVSS
8.7
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Credit
Vulnerability-Lab
Description
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.