EUVD-2018-3017
Malware in sbrugna...
GamerPolls Removes Use of Hardcoded Exploits
GamerPolls is a polling stats graph display plugin. A security vulnerability exists in GamerPolls version 0.4.6 that stems from the program's use of the Passport.js package to provide authentication policies. An attacker can exploit the vulnerability to bypass authentication...
CVE-2018-10966
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret...
Hardcoded credentials
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret...
CVE-2018-10966
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret...
CVE-2018-10966
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret...
CVE-2018-10966
CVE-2018-10966 affects GamerPolls 0.4.6. The issue arises from how the app uses Passport.js to sign the session cookie; an attacker can edit the Passport.js data in the session cookie and include the target account ID, then re-sign it with a hard-coded secret. This enables session/identity impers...