CVE-2010-1136
First published: Fri Mar 26 2010(Updated: )
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tiki Tikiwiki Cms\/groupware | =3.2 | |
| Tiki Tikiwiki Cms\/groupware | =3.1 | |
| Tiki Tikiwiki Cms\/groupware | =3.0 | |
| Tiki Tikiwiki Cms\/groupware | =3.3 | |
| Tiki Tikiwiki Cms\/groupware | =3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/62801
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
- http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
- http://www.securityfocus.com/bid/38608
- http://secunia.com/advisories/38882
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56771
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tiki
- canonical/tiki tikiwiki cms\/groupware
- version/tiki tikiwiki cms\/groupware/3.2
- version/tiki tikiwiki cms\/groupware/3.1
- version/tiki tikiwiki cms\/groupware/3.0
- version/tiki tikiwiki cms\/groupware/3.3
- version/tiki tikiwiki cms\/groupware/3.4