CVE-2018-10813

Name of the Vulnerable Software and Affected Versions Dedos-web version 1.0

Description The issue concerns hardcoded cookie and session secrets in the Express.js application, which are visible in the source code. An attacker can exploit this by editing the session cookie contents and re-signing it using the hardcoded secret, potentially leading to privilege escalation due to the use of Passport.js.

Recommendations For Dedos-web version 1.0, consider regenerating and securely storing unique cookie and session secrets to prevent unauthorized access and privilege escalation. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.