PT-2018-13452 · Damicms · Damicms

Howchen · Published 2018-08-30 · Updated 2019-10-03 · CVE-2018-16239

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: damiCMS version 6.0.1

Description: An issue was discovered where the software relies on the PHP time() function for cookies. This makes it possible to determine the cookie for an existing admin session via a certain number of guesses.

Recommendations: For damiCMS version 6.0.1, consider implementing a more secure method for generating cookies to prevent guessing attacks. As a temporary workaround, restrict access to admin sessions to minimize the risk of exploitation.
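As an added illustration (not damiCMS's own code), the weak pattern the advisory describes is shown beside the hardened form a fix should take; the function names and the cookie name `admin_session` are assumptions:

```php
<?php
// Added illustration (not damiCMS code): a session cookie derived from time()
// next to one drawn from the OS CSPRNG, plus server-side handling of the token.

// Weak pattern of the class the advisory describes. The cookie is a pure function
// of the login timestamp, so its search space is only the number of seconds in the
// window during which the admin may have logged in (one day = 86400 candidates).
function weakSessionCookie(int $loginTime): string
{
    return md5((string) $loginTime);
}

// Hardened replacement: 32 bytes from random_bytes() (CSPRNG), hex-encoded.
// The search space is 2^256, so guessing is not feasible.
function secureSessionCookie(): string
{
    return bin2hex(random_bytes(32));
}

// Store only a hash of the token server-side; a leaked session table then does
// not yield usable cookies.
function tokenFingerprint(string $token): string
{
    return hash('sha256', $token);
}

// Constant-time comparison when validating the presented cookie.
function cookieIsValid(string $presented, string $storedFingerprint): bool
{
    return hash_equals($storedFingerprint, tokenFingerprint($presented));
}

// Issue the cookie with Secure/HttpOnly/SameSite so it is not exposed over
// plaintext HTTP or to scripts (PHP >= 7.3 options-array form of setcookie()).
function issueAdminSession(): string
{
    $token = secureSessionCookie();
    setcookie('admin_session', $token, [
        'expires'  => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    return tokenFingerprint($token);   // persist this, never the raw token
}
```

Rotating the token on login (and invalidating it on logout) closes the remaining window in which an existing admin session could be reused.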

Weakness Enumeration

Use of Insufficiently Random Values

Related identifiers

CVE-2018-16239

Affected products

Damicms