PT-2021-10272 · Halo · Halo
Kingz40O
·
Published
2021-07-12
·
Updated
2021-07-15
·
CVE-2020-19037
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Halo version 0.4.3
Description:
The issue allows a malicious user to bypass encryption and view encrypted articles via cookies, due to an Incorrect Access Control vulnerability.
Recommendations:
For Halo version 0.4.3, update to a version that addresses the Incorrect Access Control issue to prevent unauthorized access to encrypted articles.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Halo