CVE-2020-5222
Opencast prior to 7.6 and 8.1 uses a remember-me cookie whose value is derived from a hash of the username, password, and a system key. If an attacker obtains a remember-me token from one server, they can access other servers that accept the same credentials without handling credentials. The issu...