Lucene search
PRIOn knowledge basePRION:CVE-2010-1136HistoryMar 27, 2010 - 7:07 p.m.
Design/Logic Flaw
2010-03-2719:07:00
PRIOn knowledge base
www.prio-n.com
1
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to “persistent login,” probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
References
info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
osvdb.org/62801
secunia.com/advisories/38882
tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
www.securityfocus.com/bid/38608
exchange.xforce.ibmcloud.com/vulnerabilities/56771
Related
cvelist
cvelist
CVE-2010-1136
2010-03-26 21:00:00
cve
cve
CVE-2010-1136
2010-03-27 19:07:11
nvd
nvd
CVE-2010-1136
2010-03-27 19:07:11
openvas
openvas
Tiki Wiki CMS Groupware < 4.2 Multiple Unspecified Vulnerabilities
2010-03-15 00:00:00