PT-2018-10212 · Gamerpolls+1 · Gamerpolls+1

Rastating · Published 2018-06-05 · Updated 2018-07-20 · CVE-2018-10966

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

GamerPolls version 0.4.6

Description

An issue was discovered related to the files config/environments/all.js and config/initializers/02 passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard-coded secret.

Recommendations

For GamerPolls version 0.4.6, consider disabling the use of the hard-coded secret in config/environments/all.js and config/initializers/02 passport.js as a temporary workaround until a patch is available. Restrict access to editing the Passport.js contents of the session cookie to minimize the risk of exploitation.
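
One way to replace a hard-coded session secret, shown as an added example that is not GamerPolls or Passport.js code: the secret is read from the environment, rejected if it matches a value known to be in source control, and a cookie signed under the old secret stops verifying after rotation. The names `SESSION_SECRET`, `COMMITTED_SECRET` and `loadSessionSecret`, the simplified `payload.hmac` cookie format and the sample payload are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed placeholder for a secret that was committed to the repository
// (not the real GamerPolls value).
const COMMITTED_SECRET = 'example-secret-checked-into-git';

// Read the signing secret from the environment and refuse weak or public values.
function loadSessionSecret(env, knownPublic = [COMMITTED_SECRET]) {
  const secret = env.SESSION_SECRET; // assumed variable name
  if (!secret) throw new Error('SESSION_SECRET is not set');
  if (knownPublic.includes(secret)) {
    throw new Error('SESSION_SECRET matches a value present in source control');
  }
  if (Buffer.byteLength(secret) < 32) {
    throw new Error('SESSION_SECRET must be at least 32 bytes');
  }
  return secret;
}

// Simplified signed cookie (assumed format): "<payload>.<hex HMAC-SHA256(payload)>".
function sign(payload, secret) {
  const mac = crypto.createHmac('sha256', secret).update(payload).digest('hex');
  return `${payload}.${mac}`;
}

// Return the payload when the MAC verifies under `secret`, otherwise null.
function verify(cookie, secret) {
  const idx = cookie.lastIndexOf('.');
  if (idx < 0) return null;
  const payload = cookie.slice(0, idx);
  const expected = Buffer.from(sign(payload, secret));
  const given = Buffer.from(cookie);
  if (expected.length !== given.length) return null;
  return crypto.timingSafeEqual(expected, given) ? payload : null;
}

// A cookie signed under the committed secret verifies under that secret but
// is rejected once the server signs with a private, freshly generated one.
function rotationInvalidates(payload) {
  const rotated = loadSessionSecret({
    SESSION_SECRET: crypto.randomBytes(32).toString('hex'),
  });
  const oldCookie = sign(payload, COMMITTED_SECRET);
  return verify(oldCookie, COMMITTED_SECRET) === payload &&
         verify(oldCookie, rotated) === null;
}
```

Rotating the secret logs out every existing session, which is the intended effect when the previous value was public.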

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2018-10966

Affected Products

Gamerpolls
Passport.Js