DotProject User Cookie Authentication Bypass Vulnerability

dotProject is prone to an issue which may allow remote attackers to bypass authentication and gain administrative access to the software.

This may be accomplished by submitting a maliciously crafted 'user_cookie' value either manually or via manipulation of URI parameters.

This problem is due to the software relying on the user 'cookie_value' to authenticate the user.
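
The flaw class described above, as an added illustration that is not dotProject's code or part of the original advisory: a check that trusts the client-supplied cookie value, next to a server-side check that accepts only an HMAC-signed, expiring token. The cookie contents (a numeric user id), the function names and the key handling are assumptions; the advisory does not say what the value holds.

```python
import hashlib
import hmac
import secrets
import time

# Constructed for illustration: server-side secret, never sent to the client.
SERVER_KEY = secrets.token_bytes(32)
SESSION_TTL = 3600  # seconds a token stays valid

def trust_cookie(cookies):
    """Flawed pattern: the client-supplied value alone decides identity."""
    value = cookies.get("user_cookie", "")
    return int(value) if value.isdecimal() else None

def _tag(payload, key):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(user_id, key=SERVER_KEY, now=None):
    """Issued by the server only after the credential check has succeeded."""
    expires = int(time.time() if now is None else now) + SESSION_TTL
    payload = f"{user_id}.{expires}"
    return f"{payload}.{_tag(payload, key)}"

def verify_token(cookies, key=SERVER_KEY, now=None):
    """Hardened pattern: accept the cookie only if this server issued it."""
    parts = cookies.get("user_cookie", "").split(".")
    if len(parts) != 3:
        return None
    user_id, expires, tag = parts
    if not (user_id.isdecimal() and expires.isdecimal()):
        return None
    expected = _tag(f"{user_id}.{expires}", key)
    # Constant-time comparison on bytes, so odd client input cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if int(expires) < int(time.time() if now is None else now):
        return None  # expired token
    return int(user_id)

if __name__ == "__main__":
    client_chosen = {"user_cookie": "1"}  # constructed sample input
    print("trusting check :", trust_cookie(client_chosen))
    print("verifying check:", verify_token(client_chosen))
    issued = {"user_cookie": issue_token(42)}
    print("issued token   :", verify_token(issued))
```

The same rule applies to any identifier taken from URI parameters: identity should come from server-side state or a server-verifiable token, not from a value the client can choose.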


 

Copyright 2010, SecurityFocus