Description
A vulnerability was discovered in the CodeIgniter session handling code. This issue was reported to EllisLab and a fixed version (2.2.0) was released on 5th June 2014, which removed the _xor_encode() method and required the use of Mcrypt.
Remediation
Upgrade to the latest version of CodeIgniter. This problem was fixed in CodeIgniter version 2.2.0.