SecurityFocus

Claroline 1.7.2, sso identification vulnerability Jan 20 2006 05:27PM
karmaguedon hotmail com

hi,
this is what we can read in file "/claroline/inc/claro_init_local.inc.php" :

[...]
$ssoCookieValue = md5( mktime() );

$sql = "UPDATE `".$tbl_sso."`
SET cookie = '".$ssoCookieValue."',
rec_time = NOW()
...

[ more ]