J-Security Center

Title: Novell iChain Session Inheritance Vulnerability

Severity: MODERATE

Description:

Novell iChain Server is a web-based security product designed to implement and maintain various network-based access controls.

Novell has announced an issue in iChain that may permit a user to inherit another user's session. This may reportedly occur when a new user's session is opened on the same port as another user's session. The situation is most likely to occur when two users are accessing the same port via the same proxy server and persistent browsing is enabled.

This could allow unauthorized access to another user's session, potentially exposing sensitive information or compromising other security properties associated with a user's access rights for the inherited session.
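One way to look for the condition described above in access logs, as an added example that is not Novell's or Juniper's code: it flags a source IP and port pair whose authenticated user changes within a short window. The log format, the name `find_identity_switches`, the 60-second window, and the reading of "same port" as the client-side source port seen by the gateway are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real iChain output), oldest first:
# timestamp, source IP seen by the gateway, source port, authenticated user.
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.0.0.5 40112 alice
2024-01-01T09:00:04 10.0.0.5 40112 alice
2024-01-01T09:00:09 10.0.0.5 40112 bob
2024-01-01T09:00:11 10.0.0.5 40250 carol
2024-01-01T09:00:15 10.0.0.9 40112 dave
this line is malformed and is skipped
2024-01-01T09:20:00 10.0.0.5 40250 erin
"""


def find_identity_switches(log_text, window=timedelta(seconds=60)):
    """Return (ip, port, previous_user, new_user, timestamp) for every
    change of authenticated user on the same ip:port within `window`.

    Assumes records are in chronological order. A hit is a lead to
    review, not proof: one IP (for example a shared proxy) can
    legitimately carry many users, which is why the port is part of the key.
    """
    last_seen = {}  # (ip, port) -> (user, timestamp of last request)
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed records
        ts_raw, ip, port_raw, user = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
            port = int(port_raw)
        except ValueError:
            continue  # unparseable timestamp or port
        key = (ip, port)
        prev = last_seen.get(key)
        # Same ip:port, different user, close together in time:
        # the pattern of one user's session being picked up by another.
        if prev and prev[0] != user and ts - prev[1] <= window:
            findings.append((ip, port, prev[0], user, ts_raw))
        last_seen[key] = (user, ts)
    return findings


if __name__ == "__main__":
    for hit in find_identity_switches(SAMPLE_LOG):
        print("user changed on reused ip:port ->", hit)
```

On the constructed sample, only the alice-to-bob change on 10.0.0.5:40112 is reported; the carol-to-erin change on port 40250 falls outside the window and is treated as ordinary port reuse.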

Affected Products:

  • Novell iChain Server 2.2.0
  • Novell iChain Server 2.2.0 FP1
  • Novell iChain Server 2.2.0 FP1a
