CVE-2014-2875 - Improper Restriction of Excessive Authentication Attempts vulnerability in Keplerproject Cgilua
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE
Summary
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.
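The following is an added illustration of the class of weakness described above; it is not the CGILua session.lua source, which this page does not reproduce, and the session store, the attacker's time window and the timestamp 1398000000 are constructed for the example. It models a session ID whose only entropy is the OS clock (second resolution), shows how few guesses an attacker who can estimate the login time needs to hijack that session, and places the clock-independent alternative (128 bits from the OS CSPRNG) beside it.

```python
import random
import secrets
from typing import Dict, Optional, Tuple

# Constructed model of the advisory's weakness: a session ID derived from a
# PRNG seeded with the OS time. Not the CGILua session.lua code.


def weak_session_id(creation_time: int) -> str:
    """Session ID whose entire keyspace is the creation timestamp (the seed)."""
    rng = random.Random(creation_time)
    return "%08x%08x" % (rng.getrandbits(32), rng.getrandbits(32))


def strong_session_id() -> str:
    """Hardened form: 128 bits from the OS CSPRNG, unrelated to the clock."""
    return secrets.token_hex(16)


class SessionStore:
    """Minimal server-side store standing in for the web application."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def create(self, user: str, session_id: str) -> str:
        self._sessions[session_id] = user
        return session_id

    def lookup(self, session_id: str) -> Optional[str]:
        # Each call models one HTTP request carrying a guessed cookie value.
        return self._sessions.get(session_id)


def hijack_by_time_brute_force(
    store: SessionStore, approx_time: int, window: int
) -> Tuple[Optional[str], int]:
    """Attacker model: knows the victim logged in within +/- window seconds of
    approx_time (for instance from a Date header or a visible login event) and
    replays the ID each candidate second would have produced.
    Returns (hijacked user or None, number of guesses made)."""
    guesses = 0
    for t in range(approx_time - window, approx_time + window + 1):
        guesses += 1
        user = store.lookup(weak_session_id(t))
        if user is not None:
            return user, guesses
    return None, guesses


def demo_weak() -> Tuple[Optional[str], int]:
    # Constructed scenario: victim's session created at a fixed epoch second;
    # the attacker's estimate of that moment is off by twenty minutes and the
    # search covers one hour either side of the estimate.
    victim_login_time = 1398000000
    store = SessionStore()
    store.create("alice", weak_session_id(victim_login_time))
    return hijack_by_time_brute_force(store, victim_login_time + 1200, window=3600)


def demo_strong() -> Tuple[Optional[str], int]:
    # Same attack against a CSPRNG-generated ID: the time window tells the
    # attacker nothing, so every candidate misses.
    victim_login_time = 1398000000
    store = SessionStore()
    store.create("alice", strong_session_id())
    return hijack_by_time_brute_force(store, victim_login_time + 1200, window=3600)


if __name__ == "__main__":
    user, guesses = demo_weak()
    print(f"weak ID: hijacked session of {user!r} after {guesses} guesses")
    user, guesses = demo_strong()
    print(f"strong ID: hijacked {user!r} after {guesses} guesses")
```

The point the numbers make: with a clock-seeded ID the attacker's work is bounded by the size of the time window (a few thousand requests for a two-hour window), not by the length of the ID, so long hex strings give no protection. A check worth running against any session library is therefore whether two sessions created in the same second receive identical IDs.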
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Common Weakness Enumeration (CWE)
References
- http://seclists.org/fulldisclosure/2014/Apr/318
- http://www.securityfocus.com/archive/1/531981/100/0/threaded
- http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid