Spacewalk Vulnerability: Expired Authentication Session Manipulation

Spacewalk Vulnerability: Expired Authentication Session Manipulation

CVE-2019-10136 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

Learn more about our Web Application Penetration Testing UK.