Vulnerabilities > CVE-2019-15955 - Algorithmic Complexity vulnerability in Totaljs Total.Js CMS 12.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n^x complexity, and steal the admin password.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |