Name of the Vulnerable Software and Affected Versions Laravel versions prior to 4.1.26

Description The issue concerns the security of "remember me" cookies. If a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password or logged out. This is resolved by introducing a new remember token column to the users database table, which assigns a fresh token to the user each time they login and refreshes the token when the user logs out. As a result, if a "remember me" cookie is hijacked, simply logging out of the application will invalidate the cookie.

Recommendations For versions prior to 4.1.26, update to version 4.1.26 or later to include the security improvements for "remember me" cookies, which involves adding a new remember token column to the users database table to assign a fresh token to the user upon each login and logout.