The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-11-05T22:00:00Z
Updated: 2024-09-16T22:25:19.860Z
Reserved: 2010-11-05T00:00:00Z
Link: CVE-2009-5014
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-11-06T00:00:01.220
Modified: 2024-11-21T01:10:59.467
Link: CVE-2009-5014
Redhat
No data.