PT-2023-18284 · Code Dx · Code Dx

Published: 2023-04-27 · Updated: 2025-01-31 · CVE-2023-2158

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Code Dx versions prior to 2023.4.2

Description: The issue allows a malicious actor to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user.

Recommendations: For Code Dx versions prior to 2023.4.2, update to version 2023.4.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of the "Remember Me" token until a patch is available. Restrict access to the system to minimize the risk of exploitation. Avoid using the username in the affected system until the issue is resolved.
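As an added illustration (not code from Code Dx or from this advisory), the weakness class described above beside a hardened design: a "Remember Me" MAC keyed by a constant baked into the code, which is why a token minted on one installation is honoured by another, against one keyed by a per-installation random secret with an expiry bound into the MAC. The key value, names and token layout are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
import time

MAC_LEN = 32  # SHA-256 digest length
# Weak pattern (constructed illustration): the secret is a compile-time constant
# shared by every installation, so a token minted on one system validates on any
# other. The key below is a placeholder, not a real product value.
HARDCODED_KEY = b"placeholder-shared-key"

def weak_issue(username):
    payload = username.encode()
    mac = hmac.new(HARDCODED_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + mac).decode()

def weak_verify(token):
    raw = base64.urlsafe_b64decode(token)
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(HARDCODED_KEY, payload, hashlib.sha256).digest()
    return payload.decode() if hmac.compare_digest(mac, expected) else None

class RememberMe:
    """Hardened pattern: per-installation random secret, expiry bound into the MAC."""
    def __init__(self, secret=None, ttl_seconds=30 * 86400):
        # Generated once at install time and stored server-side, never a code literal.
        self.secret = secret if secret is not None else os.urandom(32)
        self.ttl = ttl_seconds

    def issue(self, username, now=None):
        exp = (int(time.time()) if now is None else now) + self.ttl
        payload = f"{username}|{exp}".encode()
        mac = hmac.new(self.secret, payload, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(payload + mac).decode()

    def verify(self, token, now=None):
        """Return the username if the token is genuine for this installation and unexpired."""
        try:
            raw = base64.urlsafe_b64decode(token)
            payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
            user, _, exp = payload.decode().rpartition("|")
            expected = hmac.new(self.secret, payload, hashlib.sha256).digest()
            if not hmac.compare_digest(mac, expected):  # constant-time comparison
                return None
            current = int(time.time()) if now is None else now
            return user if current < int(exp) else None
        except (ValueError, UnicodeDecodeError):
            return None
```

With the weak scheme every installation produces the identical token for a given username; with the hardened one a token from installation A is rejected by installation B, and it also stops validating once its expiry passes.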

Fix

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

CVE-2023-2158

Affected Products

Code Dx