mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 18:27:17 +00:00
822 B
822 B
CVE-2024-26331
Description
ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass the authentication mechanism by modifying the cookie to contain an expected value.
POC
Reference
No PoCs from references.