Sequential Cookie Values in Bitrix e-Store Module: Brute Force Authentication Bypass Vulnerability

CVE-2013-6788 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.
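The weakness described above can be checked for in any session issuer by sampling the identifiers handed to successive new visitors. The following is an added example, not Bitrix code: the function names, the `max_step` threshold and the sample values are assumptions constructed for illustration. It flags counter-like identifiers and shows a CSPRNG-based replacement beside them.

```python
import secrets

def is_sequential(values, max_step=16):
    """Return True when every sampled identifier is an integer and each one
    exceeds the previous by a small positive step, i.e. the next value an
    issuer hands out can be predicted from the ones already seen."""
    if len(values) < 3:
        raise ValueError("need at least 3 samples to judge a pattern")
    try:
        nums = [int(v) for v in values]
    except ValueError:
        return False  # non-numeric tokens are not a plain counter
    steps = [b - a for a, b in zip(nums, nums[1:])]
    return all(0 < s <= max_step for s in steps)

def new_session_id(nbytes=16):
    """Hardened form: nbytes of output from the OS CSPRNG, hex encoded
    (16 bytes = 128 bits, 32 hex characters)."""
    return secrets.token_hex(nbytes)

# Constructed sample: what a counter-based issuer would give successive
# first-time visitors (a gap appears when another visitor arrives in between).
WEAK_SAMPLE = ["104521", "104522", "104523", "104525"]

# Identifiers from the hardened generator for comparison.
STRONG_SAMPLE = [new_session_id() for _ in range(4)]

if __name__ == "__main__":
    print("counter-style sample sequential:", is_sequential(WEAK_SAMPLE))
    print("CSPRNG sample sequential:      ", is_sequential(STRONG_SAMPLE))
```

Run the check against identifiers collected from fresh sessions in a test environment; a `True` result means the identifier must not be the only thing tying a visitor to stored data.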
