Описание
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-1136
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56771
- http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
- http://osvdb.org/62801
- http://secunia.com/advisories/38882
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
- http://www.securityfocus.com/bid/38608
EPSS
CVE ID
Связанные уязвимости
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...
EPSS