WombatDialer Session Impersonation Vulnerability via Improper Cookie Handling

Vulnerability

A vulnerability exists in WombatDialer versions prior to 25.02 due to incorrect handling of cookie sessions. This flaw allows the full session identity to be logged in system files, potentially enabling a malicious attacker to impersonate an active user session.

Impact

Exploitation of this vulnerability could lead to unauthorized impersonation of user sessions, allowing attackers to act on behalf of legitimate users.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WombatDialer Session Impersonation Vulnerability via Improper Cookie Handling

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating