2 matches found
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
CVE-2022-25510
The CVE-2022-25510 issue affects FreeTAKServer 1.9.8, where a hardcoded Flask secret key enables attackers to craft cookies to bypass authentication or escalate privileges. Root cause: the Flask secret key is stored in code/config instead of being externally supplied, compromising session integri...