Dsteve

Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.3.4 Description: A vulnerability was found in the Cookie Handler component, where the manipulation of the `AuthCookie` argument leads to improper authentication. This issue can be initiated remotely, with a rather high complexity of attack and difficult exploitability. The exploit has been disclosed to the public and may be used. Recommendations: For Emlog Pro version 2.3.4, as a temporary workaround, consider restricting access to the Cookie Handler component until a patch is available. Avoid using the `AuthCookie` argument in affected areas until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.