CVE-2005-0408
CitrusDB 0.3.6 and earlier uses an authentication cookie id_hash which is md5(user_name + 'boogaadeeboo'); because id_hash is derived from the username with a hard-coded suffix, an attacker who knows a valid username can compute the MD5 and forge the cookie to bypass authentication and gain privi...