Reported January 30, 2003, by Eitan Caspi.

 

VERSIONS AFFECTED

 

  • Compaq Insight Manager HTTP Server 5.1.0

 

DESCRIPTION

 

An authentication vulnerability in Compaq Insight Manager HTTP Server 5.1.0 can permit a non-privileged user access to the system. If a legitimate user logs on to the Web Agent Service through HTTPS on port 2301 and doesn't use the Logout function, the session remains valid for 15 minutes, even after the browser is closed. This timeframe can let a non-privileged user on the same system log on with privileged access.
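The window described above, as an added example that is not part of the original advisory and is not Compaq's code: a weak session model beside a hardened one, run through the same sequence of events. The advisory does not say how the server recognises a session; lookup by client host is an assumption made here for illustration, and every class name, function name and address is hypothetical.

```python
import secrets

SESSION_LIFETIME = 15 * 60  # seconds; the 15-minute window from the advisory


class HostKeyedSessions:
    """Weak model (assumed mechanism): session is looked up by client host only."""

    def __init__(self):
        self._expiry = {}  # client host -> expiry time

    def login(self, host, now):
        self._expiry[host] = now + SESSION_LIFETIME

    def logout(self, host):
        self._expiry.pop(host, None)

    def is_authenticated(self, host, now):
        return self._expiry.get(host, 0) > now


class TokenSessions:
    """Hardened model: session is bound to a random token held by one browser."""

    def __init__(self):
        self._sessions = {}  # token -> (host, expiry time)

    def login(self, host, now):
        token = secrets.token_urlsafe(32)  # sent as a non-persistent cookie
        self._sessions[token] = (host, now + SESSION_LIFETIME)
        return token

    def logout(self, token):
        self._sessions.pop(token, None)

    def is_authenticated(self, host, token, now):
        entry = self._sessions.get(token) if token else None
        return entry is not None and entry[0] == host and entry[1] > now


def second_user_gets_in(seconds_after_login, used_logout=False):
    """Constructed scenario: an administrator logs on from a shared host and
    closes the browser; another local user then connects from the same host.
    Returns (weak_result, hardened_result)."""
    host = "192.0.2.10"  # constructed address
    weak, hard = HostKeyedSessions(), TokenSessions()
    weak.login(host, now=0)
    token = hard.login(host, now=0)
    if used_logout:
        weak.logout(host)
        hard.logout(token)
    # The second user's browser holds no token: the cookie died with the first browser.
    return (weak.is_authenticated(host, seconds_after_login),
            hard.is_authenticated(host, None, seconds_after_login))
```

In the weak model only an explicit logout or the expiry of the 15 minutes closes the window; in the hardened model closing the browser is enough, because the token is never available to the second user.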

 

VENDOR RESPONSE

 

Compaq says that version 5.3 isn't vulnerable to this condition.

 

CREDIT

 

Discovered by Eitan Caspi.