Description

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

Remediation

References

CVE-2006-0411

Related Vulnerabilities

Oracle Database Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5499)

silverstripeCMS Incorrect Default Permissions Vulnerability (CVE-2020-6165)

Oracle Application Server CVE-2008-0344 Vulnerability (CVE-2008-0344)

Magento Insufficient Session Expiration Vulnerability (CVE-2021-21032)

Apache HTTP Server Other Vulnerability (CVE-2001-1449)

Severity

Critical

Classification

CVE-2006-0411

Tags

Missing Update Known Vulnerabilities