11 matches found
GHSA-FMG6-246M-9G2V Auth0 laravel-auth0 SDK has Insufficient Entropy in Cookie Encryption
Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? You are affected if you meet the following preconditions: - Applications using...
Auth0 laravel-auth0 SDK has Insufficient Entropy in Cookie Encryption
Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? You are affected if you meet the following preconditions: - Applications using...
CVE-2026-34236
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...
CVE-2026-34236
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...
CVE-2026-34236
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...
CVE-2026-34236 Auth0 PHP SDK Insufficient Entropy in Cookie Encryption
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...
CVE-2026-25818
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption...
HMS Cosy+和HMS Ewon Flexy 安全漏洞
HMS Cosy+ and HMS Ewon Flexy are both products from the Swedish company HMS. HMS Cosy+ is an application used for industrial remote access. HMS Ewon Flexy is a remote access gateway device. Both HMS Cosy+ and HMS Ewon Flexy have security vulnerabilities; these vulnerabilities stem from weak entro...
CVE-2026-25818
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption...
CVE-2026-25818
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption...
CVE-2026-25818
Affected devices: HMS Networks Ewon Flexy (firmware before 15.0s4) and Cosy+ (firmware 22.xx before 22.1s6 and 23.xx before 23.0s3). What’s affected: authentication cookies with weak entropy used to secure sessions. Root cause: weak entropy enables an attacker possessing a stolen session cookie t...