3 matches found
CVE-2021-3882
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection HTTP, an attacker may be able to obtain the authentication data by capturing network...
CVE-2021-3882
creationtimestamp| type| source ---|---|--- 2021-10-14 12:34:03+00:00| seen| https://t.me/cibsecurity/30548...
CVE-2021-3882
LedgerSMB CVE-2021-3882 concerns the Secure attribute on the session authorization cookie. The vulnerability arises when LedgerSMB servers behind a reverse proxy respond to unencrypted HTTP; an attacker who can observe traffic and trick a user into using HTTP could obtain the authentication cooki...