cvedb.io
CVE-2018-5385
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-07-24T15:29:01.093 · Last modified 2026-06-17T02:00:14.120

Summary

Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some installations.

Affected products

navarino — infinity

Does this affect you?

Add your gear to cvedb and we'll alert you only when navarino ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.