| tiêu đề | emlog Blog Site 2.3.4 Incorrect Authorization |
|---|
| Mô tả | emlog pro version 2.3.4 has session(AuthCookie) persistence and any user login vulnerability
emlog relies on the AuthCookie field in the cookie to determine whether a user is logged in, but the value is fixed for each user and the same cookie value is used for each login. In addition, in the process of generating AuthCookie, the only unknown variable, Auth_Key, has a default value, which is written in the configuration file. If this value is known, any user login vulnerability can be realized.
https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20has%20session(AuthCookie)%20persistence%20and%20any%20user%20login%20vulnerability.md |
|---|
| Nguồn | ⚠️ https://github.com/ssteveez/emlog/blob/main/emlog%20pro%20version%202.3.4%20has%20session(AuthCookie)%20persistence%20and%20any%20user%20login%20vulnerability.md |
|---|
| Người dùng | bydsteve (UID 41102) |
|---|
| Đệ trình | 09/05/2024 10:11 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 17/05/2024 07:45 (8 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 264741 [Emlog Pro 2.3.4 Cookie AuthCookie xác thực yếu] |
|---|
| điểm | 20 |
|---|