Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
References
Configurations
History
No history.
Information
Published : 2007-08-18 21:17
Updated : 2018-10-15 21:35
NVD link : CVE-2007-4419
Mitre link : CVE-2007-4419
CVE.ORG link : CVE-2007-4419
JSON object : View
Products Affected
olate
- olatedownload
CWE
CWE-287
Improper Authentication