| Titolo | emlog Blog Site 2.3.4 Incorrect Authorization |
|---|
| Descrizione | emlog pro version 2.3.4 has session(AuthCookie) persistence and any user login vulnerability
emlog relies on the AuthCookie field in the cookie to determine whether a user is logged in, but the value is fixed for each user and the same cookie value is used for each login. In addition, in the process of generating AuthCookie, the only unknown variable, Auth_Key, has a default value, which is written in the configuration file. If this value is known, any user login vulnerability can be realized.
https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20has%20session(AuthCookie)%20persistence%20and%20any%20user%20login%20vulnerability.md |
|---|
| Fonte | ⚠️ https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20has%20session(AuthCookie)%20persistence%20and%20any%20user%20login%20vulnerability.md |
|---|
| Utente | bydsteve (UID 41102) |
|---|
| Sottomissione | 09/05/2024 10:11 (2 anni fa) |
|---|
| Moderazione | 17/05/2024 07:45 (8 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 264741 [Emlog Pro 2.3.4 Cookie AuthCookie autenticazione debole] |
|---|
| Punti | 20 |
|---|