Idera Server Backup Manager (R1Soft) – Session Fixation Vulnerability
Idera Server Backup Manager is affordable, high-performance disk-to-disk backup software for Linux and Windows servers. (This software was previously more commonly known as R1Soft Backup.)
It is possible for a malicious user to clone an authenticated user or admin session, which could result in unauthorized access.
Vendor Contact Timeline:
2014-09-10: Vendor contacted via email.
2014-09-10: Vendor confirms vulnerability.
2014-10-27: Vendor issues update.
2014-10-29: RACK911 Labs issues security advisory.