CVE-2010-1136
N/A
N/A
Summary
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
- http://www.securityfocus.com/bid/38608
- http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
- http://osvdb.org/62801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56771
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
- http://secunia.com/advisories/38882
References
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
- http://www.securityfocus.com/bid/38608
- http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
- http://osvdb.org/62801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56771
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
- http://secunia.com/advisories/38882
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.