3 matches found
CVE-2009-5014
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...
CVE-2009-5014
The default quickstart configuration of TurboGears2 aka tg2 before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852...
CVE-2009-5014
CVE-2009-5014 affects TurboGears2 (tg2) in its default quickstart config prior to 2.0.2, where a weak cookie salt allows remote attackers to bypass repoze.who authentication via a forged authorization cookie. This vulnerability is closely related to CVE-2010-3852 (Luci) in that both describe inse...