2 matches found
CVE-2020-8434
Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...
CVE-2020-8434
Jenzabar JICS (Internet Campus Solution) is affected by CVE-2020-8434 in versions prior to 9.0.1 Patch 3, 9.1 prior to 9.1.2 Patch 2, and 9.2 prior to 9.2.2 Patch 8. The issue is that session cookies are derived from the username via a PBKDF-based scheme and AES, with a hard-coded password used t...