CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

AI Score confidence: Low

EPSS percentile: 78.2%

The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.
Vendor | Product | Version | CPE |
---|---|---|---|
turbogears | turbogears2 | * | cpe:2.3:a:turbogears:turbogears2:*:*:*:*:*:*:*:* |
turbogears | turbogears2 | 1.9.7a2 | cpe:2.3:a:turbogears:turbogears2:1.9.7a2:*:*:*:*:*:*:* |
turbogears | turbogears2 | 1.9.7a3 | cpe:2.3:a:turbogears:turbogears2:1.9.7a3:*:*:*:*:*:*:* |
turbogears | turbogears2 | 1.9.7a4 | cpe:2.3:a:turbogears:turbogears2:1.9.7a4:*:*:*:*:*:*:* |
turbogears | turbogears2 | 1.9.7b1 | cpe:2.3:a:turbogears:turbogears2:1.9.7b1:*:*:*:*:*:*:* |
turbogears | turbogears2 | 1.9.7b2 | cpe:2.3:a:turbogears:turbogears2:1.9.7b2:*:*:*:*:*:*:* |
turbogears | turbogears2 | 2.0 | cpe:2.3:a:turbogears:turbogears2:2.0:rc1:*:*:*:*:*:* |
turbogears | turbogears2 | 2.0.1 | cpe:2.3:a:turbogears:turbogears2:2.0.1:*:*:*:*:*:*:* |
turbogears | turbogears2 | 2.0b1 | cpe:2.3:a:turbogears:turbogears2:2.0b1:*:*:*:*:*:*:* |
turbogears | turbogears2 | 2.0b2 | cpe:2.3:a:turbogears:turbogears2:2.0b2:*:*:*:*:*:*:* |