CVE-2010-1136 Information

Description

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login", probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

Reference

http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
http://osvdb.org/62801
http://secunia.com/advisories/38882
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
http://www.securityfocus.com/bid/38608
https://exchange.xforce.ibmcloud.com/vulnerabilities/56771
