Joomla! session id not hashed.

Posted by Blazej Adamczyk on Sep 20

Title: Joomla! session id not hashed
Author: Blazej Adamczyk (br0x)
Date: 2015-06-30
Download site: https://github.com/joomla/joomla-cms/releases/download/3.6.2/Joomla_3.6.2-Stable-Full_Package.zip
Version: 3.6.2 and below
Vendor: https://www.joomla.org/
Vendor Notified: 2016-09-20
Vendor Contact: https://www.joomla.org/
CVSS: 6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)

Description:
The session_ids for all joomla users are stored in…

Leave a Reply