Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by alayacare
CVE-2023-6451 (GCVE-0-2023-6451)
Vulnerability from cvelistv5 – Published: 2024-02-16 04:06 – Updated: 2024-08-02 08:28
VLAI?
Title
Publicly Known Cryptographic Machine Key In Procura Portal Application
Summary
Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.
Severity ?
8.6 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AlayaCare | Procura Portal |
Affected:
0 , < 9.0.1.2
(Major)
|
Date Public ?
2024-02-16 08:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:alayacare:procura_portal:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "procura_portal",
"vendor": "alayacare",
"versions": [
{
"lessThan": "9.0.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6451",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-23T16:59:47.355288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T15:05:18.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-6451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Procura Portal",
"vendor": "AlayaCare",
"versions": [
{
"lessThan": "9.0.1.2",
"status": "affected",
"version": "0",
"versionType": "Major"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jake Cleland"
}
],
"datePublic": "2024-02-16T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Publicly known cryptographic machine key in AlayaCare\u0027s Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application\u0027s authentication mechanisms.\u003cbr\u003e"
}
],
"value": "Publicly known cryptographic machine key in AlayaCare\u0027s Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application\u0027s authentication mechanisms.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1394",
"description": "CWE-1394",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T04:08:11.683Z",
"orgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"shortName": "TML"
},
"references": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-6451"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Generate new machine keys in the application\u0027s web.config file immediately.\u003cbr\u003e"
}
],
"value": "Generate new machine keys in the application\u0027s web.config file immediately.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Publicly Known Cryptographic Machine Key In Procura Portal Application",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "07aac9b9-e3e9-4d03-a447-764bd31371d7",
"assignerShortName": "TML",
"cveId": "CVE-2023-6451",
"datePublished": "2024-02-16T04:06:17.797Z",
"dateReserved": "2023-11-30T22:06:55.677Z",
"dateUpdated": "2024-08-02T08:28:21.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}