vulnerability
Titan MFT: CVE-2023-45687: Session fixation on Remote Administration Server
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:M/Au:S/C:C/I:P/A:P) | Oct 16, 2023 | Oct 16, 2023 | Oct 26, 2023 |
Description
When an administrator authenticates to the remote administration server's API using an `Authorization` header (HTTP basic or digest authentication) and sets the `SRTSession` header to a value known to an attacker (including the literal string `null`), the session token is granted privileges that the attacker can use.
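The pattern described above, next to the standard mitigation of issuing a fresh token at authentication, as an added example. This is not Titan MFT code and not the vendor's patch; the session table, function names and the constructed credential check are assumptions made for illustration.

```python
import secrets

# Constructed sample credential; stands in for real basic/digest verification.
CONSTRUCTED_AUTH = "Basic YWRtaW46Y29ycmVjdA=="

class SessionStore:
    """Hypothetical in-memory session table: token -> privilege record."""
    def __init__(self):
        self.sessions = {}

def check_credentials(authorization):
    return authorization == CONSTRUCTED_AUTH

def login_vulnerable(store, headers):
    """Flawed pattern: privileges are attached to the client-chosen token."""
    if not check_credentials(headers.get("Authorization")):
        return None
    token = headers.get("SRTSession") or secrets.token_urlsafe(32)
    store.sessions[token] = {"user": "admin", "admin": True}
    return token

def login_hardened(store, headers):
    """Mitigation: ignore the supplied token, mint a new one on authentication."""
    if not check_credentials(headers.get("Authorization")):
        return None
    # Drop any pre-authentication session tied to the supplied value.
    store.sessions.pop(headers.get("SRTSession"), None)
    token = secrets.token_urlsafe(32)  # server-generated, unpredictable
    store.sessions[token] = {"user": "admin", "admin": True}
    return token

def is_admin(store, token):
    return store.sessions.get(token, {}).get("admin", False)

def fixation_possible(login):
    """Regression check: is a token value known before login privileged after it?"""
    store = SessionStore()
    known = "null"  # the literal string called out in the description
    login(store, {"Authorization": CONSTRUCTED_AUTH, "SRTSession": known})
    return is_admin(store, known)

if __name__ == "__main__":
    print("vulnerable handler fixable:", fixation_possible(login_vulnerable))
    print("hardened handler fixable:  ", fixation_possible(login_hardened))
```

`fixation_possible` can be kept as a regression test against any login handler that accepts a client-supplied session header.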
Solution
titan-mft-october-updates
References
- CVE-2023-45687
- https://attackerkb.com/topics/CVE-2023-45687
- https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690
- https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/