2 matches found
CVE-2024-45261
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's...
passport 授权问题漏洞
passport is an Express-compatible Node.js authentication middleware from Jared Hanson, an individual developer in the United States. An authorization issue vulnerability exists in passport. An attacker could use this vulnerability to hijack a victim's session by throwing a valid "sessionId" cooki...