CVE-2009-0412 Information

Description

The ProcessLogin function in class.auth.php in Interspire Shopping Cart (ISC) 4.0.1 Ultimate edition allows remote attackers to bypass authentication and obtain administrative access by reusing the RememberToken cookie after a failed admin login attempt.

Reference

http://www.securityfocus.com/archive/1/499967/100/0/threaded http://www.securityfocus.com/bid/33212 http://www.securitytracker.com/id?1021557 https://exchange.xforce.ibmcloud.com/vulnerabilities/47899