PT-2009-2069 · Unknown · Cookiecheck

Published: 2009-04-03 · Updated: 2017-08-17 · CVE-2008-6599

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CookieCheck version 1.0

Description

The issue concerns insufficient access control in the storage of session data. Specifically, the cookiecheck.php file in CookieCheck stores session data under the web root in tmp/cc sessions, allowing remote attackers to obtain this data via a direct request. This is related to the default session save path.

Recommendations

For CookieCheck version 1.0, consider restricting access to the tmp/cc sessions directory to prevent remote attackers from obtaining session data. As a temporary workaround, restrict access to the cookiecheck.php file until a proper fix is applied.


Related identifiers

CVE-2008-6599

Affected products

Cookiecheck