Количество 2
Количество 2
CVE-2020-5222
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1
GHSA-mh8g-hprg-8363
Hard-Coded Key Used For Remember-me Token in Opencast
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-5222 Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1 | CVSS3: 6.8 | 0% Низкий | около 6 лет назад |
| GHSA-mh8g-hprg-8363 Hard-Coded Key Used For Remember-me Token in Opencast | CVSS3: 6.8 | 0% Низкий | около 6 лет назад |
Уязвимостей на страницу