Description

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

Remediation

References

CVE-2006-0411

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6727)

WordPress Plugin Goolytics-Simple Google Analytics Cross-Site Scripting (1.1.1)

Oracle JRE CVE-2013-2417 Vulnerability (CVE-2013-2417)

Joomla Use of Insufficiently Random Values Vulnerability (CVE-2012-1562)

WordPress Plugin SecuPress Pro Security Bypass (1.4.12)

Severity

Critical

Classification

CVE-2006-0411

Tags

Missing Update Known Vulnerabilities