CVE-2023-6451

Name of the Vulnerable Software and Affected Versions AlayaCare's Procura Portal versions prior to 9.0.1.2

Description The issue is related to a publicly known cryptographic machine key in AlayaCare's Procura Portal, which allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

Recommendations For versions prior to 9.0.1.2, update to version 9.0.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that rely on authentication cookies until a patch is applied.