CVE-2009-1629
Antony Lesuisse Ajaxterm < 0.10 - Authentication Bypass
Title source: ruleDescription
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
References (7)
Scores
EPSS
0.0099
EPSS Percentile
76.6%
Classification
CWE
CWE-287
Status
draft
Affected Products (5)
antony_lesuisse/ajaxterm
< 0.10
antony_lesuisse/ajaxterm
antony_lesuisse/ajaxterm
antony_lesuisse/ajaxterm
antony_lesuisse/ajaxterm
Timeline
Published
May 14, 2009
Tracked Since
Feb 18, 2026