CVE Vulnerabilities

CVE-2010-1136

Published: Mar 27, 2010 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to persistent login, probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

Affected Software

Name Vendor Start Version End Version
Tikiwiki_cms/groupware Tiki 3.2 3.2
Tikiwiki_cms/groupware Tiki 3.1 3.1
Tikiwiki_cms/groupware Tiki 3.0 3.0
Tikiwiki_cms/groupware Tiki 3.3 3.3
Tikiwiki_cms/groupware Tiki 3.4 3.4

References