CVE-2007-3420 Information

Description

The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username (2) password (3) usertheme and (4) userlang cookies for unauthorized users which has unknown impact and remote attack vectors.

Reference

http://osvdb.org/45401 http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458 http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip