3 matches found
CVE-2023-2158
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...
CVE-2023-2158
Mode C Narrative: The CVE-2023-2158 entry describes a vulnerability in Synopsys Code Dx where versions prior to 2023.4.2 are susceptible to a user impersonation attack. The underlying issue is the use of a hard-coded cipher when generating the Remember Me token, enabling a malicious actor to impe...
CVE-2023-2158 Impersonation through User-Controlled Token
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...