CVE-2009-0412

Name of the Vulnerable Software and Affected Versions Interspire Shopping Cart (ISC) version 4.0.1 Ultimate edition

Description The issue allows remote attackers to bypass authentication and obtain administrative access. This is achieved by reusing the RememberToken cookie after a failed admin login attempt, exploiting the ProcessLogin function in class.auth.php.

Recommendations For Interspire Shopping Cart (ISC) version 4.0.1 Ultimate edition, consider disabling the ProcessLogin function in class.auth.php as a temporary workaround until a patch is available. Restrict access to administrative login attempts to minimize the risk of exploitation. Avoid reusing the RememberToken cookie after a failed admin login attempt until the issue is resolved.