CVE-2009-3657

TIM Nelson Shared Sign-on - Authentication Bypass

Title source: rule

Description

Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.

References (3)

[Patch, Vendor Advisory] http://drupal.org/node/592488

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/36563

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53560

Scores

EPSS 0.0018

EPSS Percentile 39.6%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

tim_nelson/shared_sign-on

Timeline

Published Oct 09, 2009

Tracked Since Feb 18, 2026