Session Hijacking Vulnerability in Invision Power Services (IPS) Community Suite

Session Hijacking Vulnerability in Invision Power Services (IPS) Community Suite

CVE-2016-2564 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation.

Learn more about our Web Application Penetration Testing UK.