Alayacare · Procura Portal · CVE-2023-6451
**Name of the Vulnerable Software and Affected Versions**
AlayaCare's Procura Portal versions prior to 9.0.1.2
**Description**
The issue is related to a publicly known cryptographic machine key in AlayaCare's Procura Portal, which allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.
**Recommendations**
For versions prior to 9.0.1.2, update to version 9.0.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that rely on authentication cookies until a patch is applied.