2018-09-28 20:00:00
lenovo
PUBLISHED
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NASs web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookies value to compromise the users session.