← volver
CVE-2010-1136

CVE-2010-1136

EPSS 1.7%
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releaseshttp://osvdb.org/62801http://secunia.com/advisories/38882https://exchange.xforce.ibmcloud.com/vulnerabilities/56771http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196http://www.securityfocus.com/bid/38608