CVE-2020-14017

An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session.

An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session.

Se detectó un problema en Navigate CMS versión 2.9 r1433. Las sesiones, así como la información asociada, tal y como los tokens CSRF, son almacenados en archivos de texto sin cifrar en el directorio /private/sessions. Un usuario no autenticado podría utilizar un enfoque de fuerza bruta para intentar identificar sesiones existentes o visualizar el contenido de este archivo para detectar detalles sobre una sesión