CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Codeigniter |
Codeigniter |
* |
2.1.4 |
References