The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to “persistent login,” probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
osvdb.org/62801
secunia.com/advisories/38882
tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
www.securityfocus.com/bid/38608
exchange.xforce.ibmcloud.com/vulnerabilities/56771