The RightFax server uses a session ID to track users' connections to web-based fax services. This ID is predictable and legitimate session IDs can be generated arbitrarily. It is included in the URL, and by generating a session ID in use by another user it is possible to hijack their connection. This leads to the ability to send and read faxes as that user.
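A defender-side check for the weakness described above, added here as an example and not taken from the advisory or from RightFax code. The advisory does not say how the IDs are derived, so the counter-based issuer, the function names and the 22-character length threshold are assumptions chosen for illustration; the audit runs over IDs your own server issued, in order, and is contrasted with IDs drawn from the OS CSPRNG.

```python
import secrets

class CounterSessionIds:
    """Hypothetical weak issuer (assumed scheme): a counter bumped per login."""
    def __init__(self, start=104200):  # constructed starting value
        self._next = start

    def issue(self):
        self._next += 1
        return str(self._next)

def issue_random_id():
    """Hardened form: 32 bytes from the OS CSPRNG, URL-safe encoded (43 chars)."""
    return secrets.token_urlsafe(32)

def audit_issued_ids(ids, min_len=22):
    """Return findings for session IDs listed in the order they were issued.

    min_len=22 is an assumed threshold: 22 base64url characters carry about
    128 bits when the value is random.
    """
    findings = []
    if not ids:
        return findings
    if len(set(ids)) != len(ids):
        findings.append("duplicate IDs issued")
    if all(i.isdigit() for i in ids):
        # A single repeated difference means the next ID follows from the last.
        deltas = {int(b) - int(a) for a, b in zip(ids, ids[1:])}
        if len(deltas) == 1:
            findings.append("numeric IDs with constant step %d" % deltas.pop())
    shortest = min(len(i) for i in ids)
    if shortest < min_len:
        findings.append("IDs shorter than %d characters (%d seen)" % (min_len, shortest))
    return findings

if __name__ == "__main__":
    weak = CounterSessionIds()
    weak_sample = [weak.issue() for _ in range(5)]       # constructed sample
    strong_sample = [issue_random_id() for _ in range(5)]
    print("counter issuer:", audit_issued_ids(weak_sample))
    print("CSPRNG issuer: ", audit_issued_ids(strong_sample))
```

A clean audit result does not prove the IDs are unpredictable; it only rules out the patterns checked here. The URL exposure the advisory mentions is a separate fix: carry the ID in a cookie rather than in the URL.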