CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
86.1%
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to “persistent login,” probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
Vendor | Product | Version | CPE |
---|---|---|---|
tiki | tikiwiki_cms\/groupware | 3.0 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.0:*:*:*:*:*:*:* |
tiki | tikiwiki_cms\/groupware | 3.1 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.1:*:*:*:*:*:*:* |
tiki | tikiwiki_cms\/groupware | 3.2 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.2:*:*:*:*:*:*:* |
tiki | tikiwiki_cms\/groupware | 3.3 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.3:*:*:*:*:*:*:* |
tiki | tikiwiki_cms\/groupware | 3.4 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.4:*:*:*:*:*:*:* |
info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
osvdb.org/62801
secunia.com/advisories/38882
tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
www.securityfocus.com/bid/38608
exchange.xforce.ibmcloud.com/vulnerabilities/56771