Novell eDirectory DHost Predictable Session ID

Severity: High, Nessus Plugin ID: 45109


The remote web server generates predictable session IDs.


The eDirectory DHost web server running on the remote host generates predictable session IDs.

A remote attacker could exploit this by predicting the session ID of a legitimately logged-in user, which could lead to the hijacking of administrative sessions.


There is no known solution at this time.

Plugin Details

Severity: High

ID: 45109

File Name: edir_dhost_predictable_ids.nasl

Version: $Revision: 1.8 $

Type: remote

Family: Web Servers

Published: 2010/03/19

Modified: 2015/01/14

Dependencies: 10107

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2009/11/13

Reference Information

CVE: CVE-2009-4655

BID: 38782

OSVDB: 60035

Secunia: 38808

CWE: 310