FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data


paragbagul111/CVE-2024-41290

CVE-2024-41290

FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data

Additional Information:

FlatPress CMS version 1.3.1 insecurely stores authentication-related data, including usernames and hashed passwords, directly in client-side cookies. This practice exposes sensitive information to potential unauthorized access and manipulation by attackers.

Vendor of Product:

Insecure Storage of Authentication Data in Cookies

Affected Product Code Base:

FlatPress CMS version 1.3.1 - 1.3

Affected Component:

Cookie

Impact:

Usernames and hashed passwords are exposed in client-side cookies, which can be accessed or modified by unauthorized parties.

If an attacker gains access to these cookies, they can potentially impersonate users or crack the hashed passwords offline.

Discoverer:

Parag Bagul
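
Checking your own installation's responses for this issue, as an added example (not code from this advisory or from FlatPress): the function flags any `Set-Cookie` value that carries a test account's username, its server-side password hash, or a bcrypt/Argon2 hash string. The cookie names, the account `alice` and the placeholder hash are constructed for illustration; FlatPress's actual cookie names and hash format are not given on this page.

```python
import re
from urllib.parse import quote, unquote

# Self-describing password-hash formats that never belong in a cookie value.
HASH_FORMATS = {
    "bcrypt": re.compile(r"\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}"),
    "argon2": re.compile(r"\$argon2(?:id|i|d)\$"),
}

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, URL-decoded value, attribute names)."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    flags = {a.partition("=")[0].strip().lower() for a in attrs if a}
    return name.strip(), unquote(value.strip().strip('"')), flags

def audit_cookies(set_cookie_headers, username, stored_hash=None):
    """Return [(cookie name, [reasons])] for cookies carrying credential material."""
    findings = []
    for header in set_cookie_headers:
        name, value, flags = parse_set_cookie(header)
        reasons = []
        if username and username.lower() in value.lower():
            reasons.append("contains the account username")
        if stored_hash and stored_hash in value:
            reasons.append("contains the server-side password hash")
        reasons += [f"contains a {label} hash string"
                    for label, pattern in HASH_FORMATS.items() if pattern.search(value)]
        if reasons:
            missing = sorted({"httponly", "secure"} - flags)
            if missing:
                reasons.append("missing attributes: " + ", ".join(missing))
            findings.append((name, reasons))
    return findings

# Constructed sample data: placeholder hash (not a real digest), hypothetical cookie names.
FAKE_HASH = "$2y$10$" + "A" * 53
SAMPLE_HEADERS = [
    "example_auth=" + quote("alice:" + FAKE_HASH, safe="") + "; Path=/",
    "example_session=k7Qm2x9VbL0pRt5WzY8a; Path=/; HttpOnly; Secure; SameSite=Lax",
]

if __name__ == "__main__":
    for cookie, why in audit_cookies(SAMPLE_HEADERS, "alice", FAKE_HASH):
        print(f"{cookie}: " + "; ".join(why))
```

The username match is a substring heuristic, so use a distinctive test account name to avoid false positives.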
