GEN:SID 1:2441
Message WEB-MISC NetObserve authentication bypass attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in ExploreAnywhere Software's NETObserve.
Impact Execution of commands or control of remote machines being managed by the
software.
Detailed Information NETObserve is a software solution that can be used to remotely monitor
and control Windows based machines. It's interface is accessed via HTTP.

By setting a cookie value, used to send login information to NETObserve,
to 0 an attacker can bypass any checks on login credentials. This can
present the attacker with administrative privileges to the NETObserve
application which can be used to manage other remote client machines.
Affected Systems NETObserve
Attack Scenarios An attacker can set 'Cookie login:0' in a web request to the
administrative interface and gain administrator access to the
application.
Ease of Attack Simple. No exploit software required.
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References  
Rule References bugtraq: 9319