| Title | emlog Blog Site 2.3.4 Incorrect Authorization |
|---|---|
| Description | emlog pro version 2.3.4 has session(AuthCookie) persistence and any user login vulnerability.<br>emlog relies on the AuthCookie field in the cookie to determine whether a user is logged in, but the value is fixed for each user and the same cookie value is used for each login. In addition, in the process of generating AuthCookie, the only unknown variable, Auth_Key, has a default value, which is written in the configuration file. If this value is known, any user login vulnerability can be realized.<br>https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20has%20session(AuthCookie)%20persistence%20and%20any%20user%20login%20vulnerability.md |
| Source | https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20has%20session(AuthCookie)%20persistence%20and%20any%20user%20login%20vulnerability.md |
| User | bydsteve (UID 41102) |
| Submission | 09.05.2024 10:11 (2 years ago) |
| Moderation | 17.05.2024 07:45 (8 days later) |
| Status | accepted |
| VulDB entry | 264741 [Emlog Pro 2.3.4 Cookie AuthCookie weak authentication] |
| Points | 20 |