CVE-2023-6451

Publicly Known Cryptographic Machine Key In AlayaCare's Procura Portal Application

Discovered by Jake Cleland on behalf of The Missing Link Security

Vulnerability Details

Procura Portal by AlayaCare before v9.0.1.2 uses a publicly known cryptographic machine key allowing unauthenticated attackers to forge and encrypt their own authentication cookies leading to an authentication bypass, granting attackers access to the application and any data contained there-in.

Affected Versions

Before 9.0.1.2

Fixed Versions

Fixed in 9.0.1.2

Latest News

To 2030 and Beyond...

5 Microsoft Power Platform Benefits That Will Transform Your Business

5 Key Takeaways from Early Adopters of Microsoft 365 Copilot

See All News