Does not properly cache login information in cookies
Posted: Thu Jul 11, 2019 8:36 am
Hi Team,
Recently, MITRE assigned two CVE IDs for issues related to the 2.2.5 release [1] [2]. The first, CVE-2017-17734 [3], is simply described as "CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions." The second, CVE-2017-17735 [4], is described as "CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies."
Given the wording of your release announcement [1], it isn't obvious if these fixed true vulnerabilities or were defense-in-depth enhancements. Can you clarify which they are?
Thanks,