TowerBlog Administrative Authentication Bypassing
TowerBlog is, in short, a 'single user web-log (or web journal if you will) content management system, aka CMS'.
The information has been provided by Noam Rathaus.
* TowerBlog version 0.6 and prior
By accessing the TowerBlog system with a cookie named TowerBlog_LoggedIn whose value has been set to 1, a remote user can impersonate an administrator of the blog system.
The vendor has been informed. As of the writing of this advisory, he plans on not fixing this problem, as he has lost interest in continuing the development of the product.
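Since no vendor fix is planned, the added example below (written for this page in Python; it is not TowerBlog's own code, which the advisory does not show) puts the kind of check the described behaviour implies beside a hardened one that only accepts a cookie carrying a server-side HMAC and an expiry. The cookie name comes from the advisory; `SERVER_KEY`, `MAX_AGE` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed for this example: a per-installation secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)
COOKIE = "TowerBlog_LoggedIn"  # cookie name from the advisory
MAX_AGE = 3600                 # assumed session lifetime in seconds


def is_admin_flawed(cookies):
    """Flaw pattern: a client-chosen flag is accepted as proof of login."""
    return cookies.get(COOKIE) == "1"


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Call only after the admin password has been verified server-side."""
    issued = int(time.time() if now is None else now)
    payload = f"{issued}.{secrets.token_hex(16)}"
    return f"{payload}.{_mac(payload)}"


def is_admin_hardened(cookies, now=None):
    """Accept the cookie only if it carries a valid, unexpired server MAC."""
    parts = cookies.get(COOKIE, "").split(".")
    if len(parts) != 3:
        return False  # covers the bare "1" value and a missing cookie
    issued, nonce, tag = parts
    expected = _mac(f"{issued}.{nonce}")
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    # The MAC verified, so `issued` is a value this server wrote.
    age = (time.time() if now is None else now) - int(issued)
    return 0 <= age <= MAX_AGE
```

A signed token still has to be sent over HTTPS with the HttpOnly and Secure attributes, and a server-side session store remains the simpler option where the platform provides one.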