JVN#20689557 Predictable session ID vulnerability in Serene Bach

2009-06-08T00:00:00
ID JVN:20689557
Type jvn
Reporter Japan Vulnerability Notes
Modified 2009-06-10T00:00:00

## Description

Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session IDs.

## Impact

A remote attacker could impersonate an administrator of Serene Bach. As a result, an attacker could obtain or alter information stored in Serene Bach.

## Solution

Update the Software
Update to the latest version according to the information provided by the vendor.

## Products Affected

  • Serene Bach 2.20R and earlier
  • Serene Bach 3.00 beta023 and earlier