Submit #331857: emlog Blog Site 2.3.4 Incorrect Authorizationinfo

Titleemlog Blog Site 2.3.4 Incorrect Authorization
Descriptionemlog pro version 2.3.4 has session(AuthCookie) persistence and any user login vulnerability emlog relies on the AuthCookie field in the cookie to determine whether a user is logged in, but the value is fixed for each user and the same cookie value is used for each login. In addition, in the process of generating AuthCookie, the only unknown variable, Auth_Key, has a default value, which is written in the configuration file. If this value is known, any user login vulnerability can be realized. https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20has%20session(AuthCookie)%20persistence%20and%20any%20user%20login%20vulnerability.md
Source⚠️ https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20has%20session(AuthCookie)%20persistence%20and%20any%20user%20login%20vulnerability.md
Userbydsteve (ID 41102)
Submission05/09/2024 10:11 AM (3 months ago)
Moderation05/17/2024 07:45 AM (8 days later)
StatusAccepted
VulDB Entry264741

Do you want to use VulDB in your project?

Use the official API to access entries easily!