Publicly Known Cryptographic Machine Key In AlayaCare's Procura Portal Application

Discovered by Jake Cleland on behalf of The Missing Link Security

Vulnerability Details

Procura Portal by AlayaCare before v9.0.1.2 uses a publicly known cryptographic machine key allowing unauthenticated attackers to forge and encrypt their own authentication cookies leading to an authentication bypass, granting attackers access to the application and any data contained there-in.

Affected Versions


Fixed Versions

Fixed in

Latest News