Vulnerabilities > CVE-2006-0411 - Unspecified vulnerability in Claroline 1.7.2

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

claroline

critical

NVD

Published: 2006-01-25

Updated: 2017-07-20

Summary

claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

Vulnerable Configurations

Part	Description	Count
Application	Claroline Claroline Claroline 1.7.2	1

References

http://secunia.com/advisories/18588
http://www.securityfocus.com/archive/1/422482
http://www.securityfocus.com/bid/16341
http://www.vupen.com/english/advisories/2006/0320
https://exchange.xforce.ibmcloud.com/vulnerabilities/24326