CVE-2009-1629 Information

Description

ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052655.html http://secunia.com/advisories/42784 http://www.ocert.org/advisories/ocert-2009-004.html http://www.openwall.com/lists/oss-security/2009/05/11/1 http://www.securityfocus.com/archive/1/503421/100/0/threaded http://www.securityfocus.com/bid/34903 https://exchange.xforce.ibmcloud.com/vulnerabilities/50464