CVE-2023-49261
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-49261 is a vulnerability affecting user authorization where the "tokenKey" value is exposed in the HTML source code of the login page. An attacker with access to the login page can extract this value, potentially leading to unauthorized access or session hijacking. This issue poses a significant risk, as the tokenKey is essential for validating user identities and maintaining secure sessions. Organizations using the affected system are advised to implement measures to mitigate this issue, such as removing the tokenKey from the login page HTML or generating new, unique tokens for each session.