Titan MFT: CVE-2023-45687: Session fixation on Remote Administration Server

Severity: 7
CVSS: (AV:N/AC:M/Au:S/C:C/I:P/A:P)
Published: Oct 16, 2023
Added: Oct 16, 2023
Modified: Oct 26, 2023

Description


When an administrator authenticates to the remote administration server's API using an `Authorization` header (HTTP basic or digest authentication) and sets the `SRTSession` header to a value known to an attacker (including the literal string `null`), that session token is granted privileges that the attacker can then use.
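A minimal model of the pattern described above, next to the usual session-fixation fix of issuing a fresh server-generated token at authentication. This is an added example, not Titan MFT code; the `SessionStore` class, its method names and the credentials are assumptions made for illustration.

```python
import base64
import secrets

ADMINS = {"admin": "correct horse"}  # constructed demo credentials


def basic_auth_ok(headers):
    """Check an HTTP basic Authorization header against ADMINS."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, pw = base64.b64decode(blob).decode().partition(":")
    except ValueError:  # bad base64 or bad UTF-8
        return False
    expected = ADMINS.get(user)
    return expected is not None and secrets.compare_digest(expected.encode(), pw.encode())


class SessionStore:
    def __init__(self):
        self.privileged = set()  # tokens that carry admin rights

    def login_fixable(self, headers):
        """Flawed pattern: privileges attach to the token the client sent."""
        if not basic_auth_ok(headers):
            return None
        token = headers.get("SRTSession") or secrets.token_urlsafe(32)
        self.privileged.add(token)
        return token

    def login_hardened(self, headers):
        """Fix pattern: drop the client's token and mint a fresh one."""
        if not basic_auth_ok(headers):
            return None
        self.privileged.discard(headers.get("SRTSession"))
        token = secrets.token_urlsafe(32)
        self.privileged.add(token)
        return token


def preset_token_is_privileged(login_name, preset="null"):
    """True if a token chosen before login holds admin rights afterwards."""
    store = SessionStore()
    auth = "Basic " + base64.b64encode(b"admin:correct horse").decode()
    token = getattr(store, login_name)({"Authorization": auth, "SRTSession": preset})
    return token is not None and preset in store.privileged
```

With `login_hardened`, the only privileged token is one generated after the credentials were checked, so a value fixed in advance never gains rights.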

Solution

titan-mft-october-updates