CVE-2010-1136

Severity

75%

Complexity

99%

Confidentiality

106%

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Tiki Tikiwiki CMS/Groupware

First reported 14 years ago

2010-03-27 19:07:00

Last updated 7 years ago

2017-08-17 01:32:00

Affected Software

Tiki Tikiwiki CMS/Groupware 3.0

3.0

Tiki Tikiwiki CMS/Groupware 3.1

3.1

Tiki Tikiwiki CMS/Groupware 3.2

3.2

Tiki Tikiwiki CMS/Groupware 3.3

3.3

Tiki Tikiwiki CMS/Groupware 3.4

3.4

References

http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases

62801

38882

Vendor Advisory

http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196

http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196

38608

tikiwiki-standardmethod-unspecified(56771)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.