Reported January 30, 2003, by Eitan Caspi.
Compaq Insight Manager HTTP Server 5.1.0
An authentication vulnerability in Compaq Insight Manager HTTP Server 5.1.0 can permit a non-privileged user access to the system. If a legitimate user logs on to the Web Agent Service through HTTPS on port 2301 and doesn't use the Logout function, the session remains valid for 15 minutes, even after the browser is closed. This timeframe can let a non-privileged user on the same system log on with privileged access.
Compaq says that version 5.3 isn't vulnerable to this condition.
Discovered by Eitan Caspi.