Lucene search
+L

15 matches found

nvd
nvd
added 2026/06/08 4:16 p.m.20 views

CVE-2026-46657

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS0.00271EPSS
Exploits0References2
euvd
euvd
added 2026/06/08 3:5 p.m.12 views

EUVD-2026-35085

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.27 views

PT-2026-47329

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References3
cve
cve
added 2024/04/09 4:45 p.m.61 views

CVE-2024-30262

Contao CVE-2024-30262: In versions prior to 4.13.40, when a frontend member changes their password (in Personal Data or Password Lost modules), associated remember-me tokens are not cleared, allowing ongoing access if a token was compromised. The issue is fixed in Contao 4.13.40. A recommended wo...

7.1CVSS5.7AI score0.00495EPSS
Exploits0References2Affected Software1
osv
osv
added 2024/04/09 4:45 p.m.34 views

CVE-2024-30262 Contao's remember-me tokens will not be cleared after a password change

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...

5.9CVSS6.9AI score0.00495EPSS
Exploits0References4
osv
osv
added 2023/04/27 6:15 p.m.3 views

CVE-2023-2158

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

9.8CVSS7.3AI score0.00621EPSS
Exploits0References1
nvd
nvd
added 2023/04/27 6:15 p.m.28 views

CVE-2023-2158

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

9.8CVSS9.6AI score0.00621EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/04/27 12:0 a.m.7 views

PT-2023-18284 · Code Dx · Code Dx

Name of the Vulnerable Software and Affected Versions: Code Dx versions prior to 2023.4.2 Description: The issue allows a malicious actor to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher when generating the...

9.8CVSS7.5AI score0.00621EPSS
Exploits0References4
github
github
added 2022/05/17 12:34 a.m.41 views

Laravel Sensitive Data Exposure

Laravel before 5.5.10 mishandles the rememberme token verification process because DatabaseUserProvider does not have constant-time token comparison...

5.9CVSS6.9AI score0.01193EPSS
Exploits0References7Affected Software2
veracode
veracode
added 2020/01/31 2:40 a.m.19 views

Authentication Bypass

opencast-kernel is vulnerable to authentication bypass. The vulnerability exists as a fake remember-me token can be used to gain access of arbitrary users without the need to be authenticated...

10CVSS4.6AI score0.01293EPSS
Exploits0References2Affected Software1
github
github
added 2020/01/30 9:21 p.m.68 views

Hard-Coded Key Used For Remember-me Token in Opencast

Impact The security configuration in etc/security/mhdefaultorg.xml enables a remember-me cookie based on a hash created from the username, password, and an additional system key. Opencast has hard-coded this system key in the large XML file and never mentions to change this, basically ensuring th...

8.8CVSS0.6AI score0.00939EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2020/01/30 8:50 p.m.33 views

CVE-2020-5222 Hard-Coded Key Used For Remember-me Token in OpenCast

Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials...

6.8CVSS8.5AI score0.00939EPSS
Exploits0References2
cnvd
cnvd
added 2017/09/28 12:0 a.m.9 views

Laravel Security Bypass Vulnerability

Laravel is a PHP development framework for developing web applications and provides syntax highlighting, documentation and extension packages. A security vulnerability exists in Laravel versions prior to 5.5.10 that stems from the program failing to properly handle the rememberme token validation...

5.9CVSS6.8AI score0.01193EPSS
Exploits0References1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.38 views

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

5.9CVSS5.4AI score0.01193EPSS
Exploits0Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.20 views

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

5.9CVSS5.4AI score0.01193EPSS
Exploits0Affected Software1
Rows per page
Query Builder