3 matches found
Design/Logic Flaw
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID...
CVE-2014-10400
CVE-2014-10400 affects CGILua’s session.lua in 5.0.x, where sequential session IDs enable remote attackers to predict and hijack arbitrary sessions. The vulnerability stems from the use of predictable session IDs, as noted in the CVE description, and CVE-2014-10400 was SPLIT from CVE-2014-2875. P...
CVE-2014-10400
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...