CVE-2001-0972

critical

Description

Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7011

http://www.securityfocus.com/bid/3210

http://marc.info/?l=bugtraq&m=99834088223352&w=2

Details

Source: Mitre, NVD

Published: 2001-08-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H