3 matches found
CVE-2023-6144
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username...
CVE-2023-6144
Dev Blog v1.0 is affected by CVE-2023-6144 via a security bypass allowing account takeover through the user cookie. An attacker can access any user’s session by knowing the username. The root cause is improper session cookie handling in a Node.js/Express + MongoDB setup. Public references describ...
CVE-2023-6144 Dev Blog v1.0 - ATO
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username...