First published: Mon Nov 20 2023(Updated: )
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.
Credit: help@fluidattacks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Armanidrisi Dev Blog | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of Dev Blog v1.0 - ATO is CVE-2023-6144.
The severity of CVE-2023-6144 is critical with a score of 9.1.
The Dev Blog v1.0 - ATO vulnerability allows an attacker to exploit an account takeover through the "user" cookie, providing access to any user's session by knowing their username.
CVE-2023-6144 affects Armanidrisi Dev Blog version 1.0.
To fix the Dev Blog v1.0 - ATO vulnerability, it is recommended to update to a patched version of the software provided by the vendor.