CVE Vulnerabilities

CVE-2008-3428

Improper Authentication

Published: Jul 31, 2008 | Modified: Aug 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victims nickid parameter.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.0 1.0
Phpfreechat Phpfreechat 1.1 1.1

Potential Mitigations

References