The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2010-11-05 17:00
Updated : 2010-11-08 21:00
NVD link : CVE-2009-5014
Mitre link : CVE-2009-5014
JSON object : View
CWE
CWE-310
Cryptographic Issues
Products Affected
turbogears
- turbogears2