CVE-2006-0411 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2006-0411

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

Affected Software

Name	Vendor	Start Version	End Version
Claroline	Claroline	1.7.2 (including)	1.7.2 (including)

References

http://secunia.com/advisories/18588
http://www.securityfocus.com/archive/1/422482
http://www.securityfocus.com/bid/16341
http://www.vupen.com/english/advisories/2006/0320
https://exchange.xforce.ibmcloud.com/vulnerabilities/24326