Executive Summary

CVE-2020-36913 is a session fixation vulnerability in All-Dynamics Software enlogic:show version 2.0.2. It allows attackers to set a predefined PHP session identifier during the login process by forging HTTP GET requests to the welcome.php page with a manipulated session token. This enables attackers to bypass authentication and potentially perform cross-site request forgery (CSRF) attacks. [1, 2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers to bypass authentication mechanisms, leading to unauthorized access. Attackers can fix a session ID and trick users into using it, enabling privilege escalation and further attacks such as cross-site request forgery (CSRF) and potentially cross-site scripting. This compromises the security of the affected system and can lead to unauthorized actions performed on behalf of legitimate users. [1, 2]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring HTTP GET requests to the welcome.php page for manipulated or predefined PHP session identifiers in the URL parameters. Specifically, look for session fixation attempts where the PHP session ID is set via GET requests during the login process. Network traffic inspection tools or web server logs can be used to identify such suspicious requests. While no specific commands are provided, using tools like curl or wget to simulate requests with fixed PHP session IDs to welcome.php, or using web application scanners that detect session fixation vulnerabilities, can help detect this issue. [2]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the enlogic:show software to version 2.0.3 (Build 2102) or later, as this version addresses and fixes the session fixation vulnerability. Additionally, avoid using manipulated session tokens in URLs and ensure that session identifiers are securely managed and regenerated upon login to prevent session fixation attacks. [1, 2]

Useful 0 Not Useful 0