제출 #857944: Fantomas42 django-blog-zinnia 881101a9d1d455b2fc581d6f4ae0947cdd8126c6 CWE-312 Cleartext Storage of Sensitive Information정보

제목Fantomas42 django-blog-zinnia 881101a9d1d455b2fc581d6f4ae0947cdd8126c6 CWE-312 Cleartext Storage of Sensitive Information
설명Fantomas42/django-blog-zinnia stores the raw protected-entry password in Django session data after a visitor unlocks an entry. The same session value is later compared against the entry password. If a deployment uses readable client-side sessions or if session storage, logs, or backups are exposed, protected-entry passwords can be recovered from session data. The safer design is to store only an entry-scoped authorization marker or keyed digest.
원천⚠️ https://github.com/Fantomas42/django-blog-zinnia/issues/595
사용자
 GalaxynX (UID 98977)
제출2026. 06. 13. PM 01:51 (1 월 ago)
모더레이션2026. 07. 18. AM 10:52 (1 month later)
상태수락
VulDB 항목380029 [Fantomas42 django-blog-zinnia 까지 0.20 Protected Entry Password entry_protection.py 약한 암호화]
포인트들20

Interested in the pricing of exploits?

See the underground prices here!