Vulnerability Description
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tiki | Tikiwiki Cms\/Groupware | 3.0 |
Related Weaknesses (CWE)
References
- http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
- http://osvdb.org/62801
- http://secunia.com/advisories/38882Vendor Advisory
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/u
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
- http://www.securityfocus.com/bid/38608
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56771
- http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
- http://osvdb.org/62801
- http://secunia.com/advisories/38882Vendor Advisory
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/u
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
- http://www.securityfocus.com/bid/38608
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56771
FAQ
What is CVE-2010-1136?
CVE-2010-1136 is a vulnerability with a CVSS score of 7.5 (HIGH). The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable...
How severe is CVE-2010-1136?
CVE-2010-1136 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1136?
Check the references section above for vendor advisories and patch information. Affected products include: Tiki Tikiwiki Cms\/Groupware.