CVE-2006-0411

2006-01-2511:00:00

mitre

www.cve.org

7 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

References

secunia.com/advisories/18588

www.securityfocus.com/archive/1/422482

www.securityfocus.com/bid/16341

www.vupen.com/english/advisories/2006/0320

exchange.xforce.ibmcloud.com/vulnerabilities/24326