8 matches found
CVE-2026-33266
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...
Apache OpenMeetings Uses Hard-coded Cryptographic Key
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...
CVE-2026-33266
CVE-2026-33266 : Apache OpenMeetings is affected by a hard-coded remember-me cookie encryption key in openmeetings.properties, not auto-rotated. If an admin does not change the default key, a cookie stolen from a logged-in user can expose full user credentials. Affected versions: 6.1.0 up to 9.0....
PT-2026-31640
Name of the Vulnerable Software and Affected Versions Apache OpenMeetings versions 6.1.0 through 9.0.0 Description A hard-coded cryptographic key is used in Apache OpenMeetings. The remember-me cookie encryption key is set to a default value in the openmeetings.properties file and is not...
CVE-2026-3963 perfree go-fastdfs-web Apache Shiro RememberMe ShiroConfig.java rememberMeManager hard-coded key
A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded cryptographic key...
GHSA-P836-389H-J692 Improper Access Control in Apache Shiro
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
VulnCheck KEV: CVE-2016-4437
Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...
GHSA-MH8G-HPRG-8363 Hard-Coded Key Used For Remember-me Token in Opencast
Impact The security configuration in etc/security/mhdefaultorg.xml enables a remember-me cookie based on a hash created from the username, password, and an additional system key. Opencast has hard-coded this system key in the large XML file and never mentions to change this, basically ensuring th...