PT-2006-1478 · Claroline · Claroline

Published: 2006-01-25 · Updated: 2017-07-20 · CVE-2006-0411

CVSS v2.0: 10.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Claroline version 1.7.2

Description: Claroline 1.7.2 generates its session cookie in claro_init_local.inc.php as an MD5 hash of the connection time. Because the hash input is a timestamp rather than unpredictable data, the cookie value is guessable: an attacker who can estimate when a target logged in can enumerate the surrounding seconds, hash each candidate and replay the one that matches. This allows a remote, unauthenticated attacker to hijack sessions and, if the hijacked session belongs to an administrator, to gain administrative privileges.

Recommendations: For Claroline 1.7.2, generate session identifiers from a cryptographically secure random source (for example PHP's native session handling with its default random session ID) instead of an MD5 of the connection time, and invalidate all existing sessions after the change, since identifiers already issued remain guessable. Until a proper fix is applied, restrict which network sources can reach the administrative interface and require re-authentication (or a second factor) for administrative actions to reduce the impact of a hijacked session.
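The following is an added example, not code from Claroline or from the advisory, showing why a timestamp-derived session identifier is guessable and what the hardened replacement looks like. It assumes the weak scheme is MD5 over the whole-second Unix timestamp rendered as a decimal string; the advisory does not state the exact input format, so `weak_session_id` is an illustrative reconstruction and the timestamp, window and `looks_like_time_based` helper are constructed for this demonstration.

```python
import hashlib
import secrets
from typing import Optional


def weak_session_id(connect_time: int) -> str:
    """Illustrative reconstruction of the weak scheme (an assumption, not
    Claroline's exact code): the session id is MD5 of the connection time,
    here a whole-second Unix timestamp as a decimal string. The only secret
    is *when* the victim connected, which is at most ~32 bits and usually
    far less once the attacker knows roughly when the login happened."""
    return hashlib.md5(str(connect_time).encode()).hexdigest()


def recover_connect_time(observed_id: str, approx_time: int,
                         window: int) -> Optional[int]:
    """Attacker's side: given a session id and a rough login time (from a
    post timestamp, a log line, or simply "this morning"), try every second
    in approx_time +/- window. Cost is 2*window+1 MD5 calls, i.e. trivial."""
    for offset in range(-window, window + 1):
        candidate = approx_time + offset
        if weak_session_id(candidate) == observed_id:
            return candidate
    return None


def strong_session_id() -> str:
    """Hardened replacement: 128 bits from the OS CSPRNG (what PHP's native
    session handler also does). Nothing observable lets an attacker narrow
    the search space, so enumeration is hopeless."""
    return secrets.token_hex(16)


def looks_like_time_based(session_id: str, approx_time: int,
                          window: int = 3600) -> bool:
    """Defender's check: a session id that collapses to md5(timestamp) for
    some timestamp near approx_time is guessable and must not be trusted."""
    return recover_connect_time(session_id, approx_time, window) is not None


if __name__ == "__main__":
    # Constructed scenario: victim logged in at this Unix time (2006-01-25).
    victim_time = 1138147200
    cookie = weak_session_id(victim_time)
    # Attacker only knows the login happened within an hour of this guess.
    hit = recover_connect_time(cookie, victim_time + 500, window=3600)
    print("recovered connection time:", hit, "->", weak_session_id(hit) == cookie)
    print("time-based?", looks_like_time_based(cookie, victim_time + 500))
    print("time-based?", looks_like_time_based(strong_session_id(), victim_time))
```

The brute force above recovers the original timestamp, and with it the exact cookie value, in under a second of CPU; the attacker then sends that value as the session cookie and inherits the victim's session. The same search against `strong_session_id()` finds nothing, because the identifier carries 128 bits of entropy unrelated to any timestamp.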

Fix


Related Identifiers

CVE-2006-0411

Affected Products

Claroline