Critical severity9.8NVD Advisory· Published Apr 2, 2021· Updated Jun 17, 2026
CVE-2021-29012
CVE-2021-29012
Description
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- DMA Softlab/Radius Managerdescription
- Range: = 4.4.0
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/164154/DMA-Softlab-Radius-Manager-4.4.0-Session-Management-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
- github.com/1d8/publications/tree/main/cve-2021-29012nvdExploitThird Party Advisory
- sourceforge.net/projects/radiusmanager/nvdProductThird Party Advisory
News mentions
0No linked articles in our index yet.