7 matches found
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Exploit for Insecure Default Initialization of Resource in Apache Superset
CVE-2023-27524: Apache Superset Auth Bypass and RCE Apache Su...
Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Hardcoded credentials
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
PYSEC-2022-43135
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Kubernetes: elections.k8s.io uses weak session secret key, may place elections at risk
The elections.k8s.io application used a weak Flask SECRETKEY, the string "N/A", to sign authentication cookies. This allowed the complete compromise of the application, as the session could be manipulated...