Security Vulnerability - eDirectory DHOST Predictable Session Cookie

  • 7005467
  • 09-Mar-2010
  • 27-Jan-2014


Novell eDirectory 8.8 for All Platforms


This module is able to predict the next session cookie value issued by the DHOST web service of Novell eDirectory 8.8.5. An attacker can run this module, wait until the real administrator logs in, then specify the predicted cookie value to hijack their session.


This issue has been fixed in eDirectory

Apply the eDirectory or the lastest version available at


Reported to Engineering
Security Alert

Additional Information

Reported by Secunia as SA38808