CVE-2010-1507

Severity CVSS v4.0:
Pending analysis
Type:
CWE-255 Credentials Management
Publication date:
03/09/2010
Last modified:
11/04/2025

Description

WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the WebYaST appliance uses a fixed secret key that is embedded in the appliance's image, which allows remote attackers to spoof session cookies by leveraging knowledge of this key.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:novell:suse_linux:11:-:enterprise:*:*:*:*:*
cpe:2.3:h:novell:webyast_appliance:*:*:*:*:*:*:*:*