CitrusDB 0.3.6 and earlier generate easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by computing the MD5 checksum of the user name concatenated with the string "boogaadeeboo", which is hard-coded in the $hidden_hash variable.
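The construction the advisory describes, beside two hardened replacements, as an added illustration (this is not CitrusDB code; the session store and the HMAC-signed cookie are assumed designs, not anything the project shipped). The weak point is that every input to the legacy hash (user name plus a constant that lives in the source) is public, so the cookie proves possession of nothing; the fixes either keep the user name only in server-side state behind a random token, or bind it with an HMAC keyed by a per-installation secret that is generated at install time and never appears in the code base.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Hard-coded string quoted in the CVE text ($hidden_hash in CitrusDB 0.3.6).
LEGACY_HIDDEN_HASH = "boogaadeeboo"


def legacy_id_hash(username: str) -> str:
    """The vulnerable scheme from the advisory: MD5 over the user name
    concatenated with a constant shipped in the source. Anyone who has read
    the code reproduces the cookie for any user name, so it is not a secret."""
    return hashlib.md5((username + LEGACY_HIDDEN_HASH).encode()).hexdigest()


class ServerSideSessions:
    """Fix 1 (assumed design): the cookie is a random, unguessable token and
    the user name lives only in server-side state keyed by that token."""

    def __init__(self) -> None:
        self._by_token = {}

    def login(self, username: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_token[token] = username
        return token

    def user_for(self, token: str) -> Optional[str]:
        # Unknown or expired tokens map to nobody; there is nothing to forge.
        return self._by_token.get(token)

    def logout(self, token: str) -> None:
        self._by_token.pop(token, None)


def make_signed_cookie(username: str, server_key: bytes) -> str:
    """Fix 2 (assumed design): if the cookie must stay stateless, bind the
    user name with an HMAC under a per-installation key that is generated at
    install time and stored outside the code base, not a literal in source."""
    tag = hmac.new(server_key, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}:{tag}"


def user_from_signed_cookie(cookie: str, server_key: bytes) -> Optional[str]:
    """Recover the user name only if the tag verifies under our key."""
    username, sep, tag = cookie.rpartition(":")
    if not sep:
        return None
    expected = hmac.new(server_key, username.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so verification does not leak via timing.
    return username if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    # Constructed demo values, not data from the advisory.
    print("legacy cookie for 'admin':", legacy_id_hash("admin"))
    store = ServerSideSessions()
    tok = store.login("admin")
    print("server-side session resolves:", store.user_for(tok))
    key = secrets.token_bytes(32)
    cookie = make_signed_cookie("admin", key)
    print("signed cookie verifies:", user_from_signed_cookie(cookie, key))
    print("wrong key rejected:", user_from_signed_cookie(cookie, b"other") is None)
```

Either fix removes the property the advisory exploits: with the session store the cookie is unrelated to the user name, and with the signed cookie the MD5-of-public-data is replaced by a keyed MAC whose key an outsider does not hold.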
Vulnerable Product |
---|
citrusdb citrusdb |