12 matches found
CVE-2024-30262
Contao CVE-2024-30262: In versions prior to 4.13.40, when a frontend member changes their password (in the Personal Data or Password Lost modules), the associated remember-me tokens are not cleared, allowing ongoing access if a token was compromised. The issue is fixed in Contao 4.13.40. A recommended wo...
CVE-2024-30262 Contao's remember-me tokens will not be cleared after a password change
Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...
CVE-2023-2158
Code Dx versions prior to 2023.4.2 are vulnerable to a user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...
PT-2023-18284 · Code Dx · Code Dx
Name of the Vulnerable Software and Affected Versions: Code Dx versions prior to 2023.4.2
Description: The issue allows a malicious actor to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher when generating the...
Laravel Sensitive Data Exposure
Laravel before 5.5.10 mishandles the rememberme token verification process because DatabaseUserProvider does not have constant-time token comparison...
Authentication Bypass
opencast-kernel is vulnerable to authentication bypass. The vulnerability exists because a forged remember-me token can be used to gain access to arbitrary users' accounts without the need to be authenticated...
Hard-Coded Key Used For Remember-me Token in Opencast
Impact: The security configuration in etc/security/mhdefaultorg.xml enables a remember-me cookie based on a hash created from the username, password, and an additional system key. Opencast has hard-coded this system key in the large XML file and never mentions that it should be changed, basically ensuring th...
CVE-2020-5222 Hard-Coded Key Used For Remember-me Token in OpenCast
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials...
Laravel Security Bypass Vulnerability
Laravel is a PHP development framework for developing web applications and provides syntax highlighting, documentation and extension packages. A security vulnerability exists in Laravel versions prior to 5.5.10 that stems from the program failing to properly handle the rememberme token validation...
Timing attack vector for remember me token
The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...
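The entries above fall into three defect classes: a key for the remember-me hash that ships hard-coded and identical on every install (Code Dx, Opencast), remember-me tokens that outlive a password change (Contao), and a token comparison that is not constant-time (Laravel). The Python below is an added example, not code from any of those projects, that puts a constructed vulnerable design next to a hardened one for all three classes. The default key value, the user names and passwords, and the eight-character hex token used for the timing recovery are made up for the demonstration; the password hashing is illustrative only.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# --- 1. Hard-coded key (the Code Dx / Opencast class) ------------------------
# Constructed vulnerable design: the cookie is a keyed hash over the username
# only, and the key is a default that ships in the config of every install.
SHIPPED_DEFAULT_KEY = b"defaultRememberMeKey"  # hypothetical value, identical everywhere

def legacy_token(username: str, key: bytes = SHIPPED_DEFAULT_KEY) -> str:
    """Anyone holding the default key can mint a cookie for any user without ever
    logging in, and because every install ships the same key the cookie is
    accepted by all of them."""
    mac = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}:{mac}"

def legacy_verify(cookie: str, key: bytes = SHIPPED_DEFAULT_KEY):
    username, _, mac = cookie.partition(":")
    expected = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    return username if mac == expected else None  # '==' also leaks timing, see 3.

# --- 2. Hardened design (also fixes the Contao and Laravel classes) ----------
# Random per-user tokens, stored server-side only as digests: nothing to hard-code,
# nothing derived from the password, all cleared on password change, constant-time compare.
@dataclass
class User:
    password_hash: str
    remember_tokens: set = field(default_factory=set)  # sha256 digests of issued tokens

class RememberMe:
    def __init__(self) -> None:
        self.users: dict = {}

    @staticmethod
    def _pw_hash(password: str) -> str:
        # Illustrative only; a deployment uses a slow password hash (argon2, bcrypt).
        return hashlib.sha256(b"pw|" + password.encode()).hexdigest()

    @staticmethod
    def _token_digest(raw: str) -> str:
        return hashlib.sha256(raw.encode()).hexdigest()

    def register(self, username: str, password: str) -> None:
        self.users[username] = User(self._pw_hash(password))

    def issue(self, username: str, password: str) -> str:
        user = self.users[username]
        if not hmac.compare_digest(user.password_hash, self._pw_hash(password)):
            raise PermissionError("bad credentials")
        raw = secrets.token_urlsafe(32)  # unguessable and unrelated to the password
        user.remember_tokens.add(self._token_digest(raw))
        return f"{username}:{raw}"

    def verify(self, cookie: str):
        username, _, raw = cookie.partition(":")
        user = self.users.get(username)
        if user is None:
            return None
        presented = self._token_digest(raw)
        matched = False  # walk every stored digest, no early exit, constant-time compares
        for stored in user.remember_tokens:
            matched |= hmac.compare_digest(stored, presented)
        return username if matched else None

    def change_password(self, username: str, old: str, new: str) -> None:
        user = self.users[username]
        if not hmac.compare_digest(user.password_hash, self._pw_hash(old)):
            raise PermissionError("bad credentials")
        user.password_hash = self._pw_hash(new)
        user.remember_tokens.clear()  # the Contao fix: a stolen cookie dies here

# --- 3. Why the comparison must be constant time (the Laravel class) ---------
def naive_equal(a: str, b: str) -> tuple:
    """Early-exit compare. Returns (equal, characters examined); the count stands in
    for the response-time difference an attacker would measure over the network."""
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return len(a) == len(b), examined

def recover_by_timing(secret: str, alphabet: str = "0123456789abcdef") -> str:
    """Recovers a hex token of known length one character per position using only
    the early-exit oracle. Against hmac.compare_digest the count never varies."""
    guess = ""
    for pos in range(len(secret)):
        for c in alphabet:
            candidate = guess + c + "0" * (len(secret) - pos - 1)
            equal, examined = naive_equal(secret, candidate)
            if equal or examined > pos + 1:
                guess += c
                break
    return guess
```

In the hardened design there is no key at all to hard-code: the cookie carries a random value that only exists as a digest in the user's row, so a database dump does not yield usable cookies, a password change empties that row's token set, and the comparison loop has no data-dependent early exit. The recovery routine needs at most 16 guesses per character against the early-exit oracle, which is the property a custom guard that compares tokens with `==` would hand to an attacker.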