CVE-2014-2875

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.

La biblioteca session.lua en CGILua 5.2 alpha 1 y 5.2 alpha 2 utiliza ID de sesión débiles generadas en función del tiempo del sistema operativo, lo que permite a los atacantes remotos secuestrar sesiones arbitrarias a través de un ataque de fuerza bruta. NOTA: CVE-2014-10399 y CVE-2014-10400 fueron DIVIDIDOS de esta ID.