PT-2024-40420 · Laravel · Laravel
Published: 2024-05-15 · Updated: 2024-05-15
Severity: None. No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Laravel versions prior to 4.1.26
Description
The issue concerns the security of "remember me" cookies. If a remember cookie was hijacked by a malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password or logged out. The cause is the lack of a token refresh mechanism when the user logs out or resets their password.
Recommendations
For versions prior to 4.1.26, update to version 4.1.26 or later. The update includes a new remember token column in the users database table. A fresh token is assigned to the user each time they log in, and the token is refreshed when the user logs out, which invalidates any hijacked "remember me" cookies.
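The rotation described in the recommendation, as an added example in plain PHP; it is not Laravel's code. The `RememberTokens` class, the in-memory `$users` array and the `id|token` cookie layout are assumptions made for illustration. It shows a copied cookie value being accepted before logout and rejected after the token is refreshed.

```php
<?php
// Illustrative model only (not Laravel source). The user table is an
// in-memory array and the "id|token" cookie layout is an assumption.
final class RememberTokens
{
    /** @var array<int, array{remember_token: ?string}> constructed sample row */
    private array $users = [1 => ['remember_token' => null]];

    // Store a fresh random token for the user and return it.
    private function rotate(int $id): string
    {
        return $this->users[$id]['remember_token'] = bin2hex(random_bytes(32));
    }

    // Login with "remember me": new token, returned as the cookie value.
    public function login(int $id): string
    {
        return $id . '|' . $this->rotate($id);
    }

    // Logout: replace the stored token so every issued cookie goes stale.
    public function logout(int $id): void
    {
        $this->rotate($id);
    }

    // Accept a cookie only if its token matches the stored one.
    public function check(string $cookie): bool
    {
        $parts = explode('|', $cookie, 2);
        if (count($parts) !== 2 || !ctype_digit($parts[0])) {
            return false;
        }
        $stored = $this->users[(int) $parts[0]]['remember_token'] ?? null;
        // Constant-time comparison of stored and presented token.
        return is_string($stored) && hash_equals($stored, $parts[1]);
    }
}

$auth   = new RememberTokens();
$cookie = $auth->login(1);        // value set in the owner's browser
$copy   = $cookie;                // same value held by a second party
var_dump($auth->check($copy));    // check the copy while the token is current
$auth->logout(1);                 // owner logs out, stored token is refreshed
var_dump($auth->check($copy));    // check the same copy again after logout
```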
Session Fixation
Affected Products
Laravel