CVE-2013-7379
CVE-2013-7379 describes an authentication bypass in the Node.js tomato module before 0.0.6. The admin API validates the access_key by checking if the server key contains the provided value (config.master.api.access_key.indexOf(access_key) !== -1), enabling an attacker to authenticate with a singl...