
CVE-2010-3852

Published: 06 Nov 2010
Source: nvd
CVSS2: 6.4
EPSS: Low

Description

The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie.

Vulnerable configurations

Configuration 1

Simultaneously

cpe:2.3:a:redhat:luci:*:*:*:*:*:*:*:*
Versions up to and including 0.22.4
cpe:2.3:a:redhat:conga:*:*:*:*:*:*:*:*

EPSS

Percentile: 72%
0.00711
Low

6.4 Medium

CVSS2

Weaknesses

CWE-287

Related vulnerabilities

redhat
more than 15 years ago

The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie.

github
more than 3 years ago

The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie.
