CVE-2013-6788
Published: May 30, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- https://www.htbridge.com/advisory/HTB23183 (x_refsource_MISC)
- 63606 (vdb-entry, x_refsource_BID)
- http://www.bitrixsoft.com/products/cms/versions.php?module=sale (x_refsource_CONFIRM)
- 56033 (third-party-advisory, x_refsource_SECUNIA)