Session fixation

2006-01-2511:03:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

CPENameOperatorVersion
clarolineeq1.7.2

CPE	Name	Operator	Version
	claroline	eq	1.7.2

References

secunia.com/advisories/18588

www.securityfocus.com/archive/1/422482

www.securityfocus.com/bid/16341

www.vupen.com/english/advisories/2006/0320

exchange.xforce.ibmcloud.com/vulnerabilities/24326