Session Hijacking Vulnerability in Invision Power Services (IPS) Community Suite
CVE-2016-2564 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation.
Learn more about our Web Application Penetration Testing UK.