Insecure Session Cookie Encryption in CodeIgniter

Insecure Session Cookie Encryption in CodeIgniter

CVE-2014-8686 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.

Learn more about our Web Application Penetration Testing UK.