Account Takeover Vulnerability: Exploiting User Cookie in Dev Blog v1.0

CVE-2023-6144 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Dev Blog v1.0 is vulnerable to account takeover through the "user" cookie. An attacker can access any user's session just by knowing their username.
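The class of flaw described above, next to one mitigation, as an added example that is not Dev Blog's code. It assumes the "user" cookie carries the bare username, which the advisory implies but does not spell out; the function names and the key handling are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; a real deployment loads it from configuration.
SECRET_KEY = secrets.token_bytes(32)


def identify_unsigned(cookies):
    """Weak pattern: the identity is whatever the client-supplied cookie says."""
    return cookies.get("user")


def issue_cookie(username, key=SECRET_KEY):
    """Bind the username to an HMAC-SHA256 tag that only the server can compute."""
    tag = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}.{tag}"


def identify_signed(cookies, key=SECRET_KEY):
    """Return the username only if its tag verifies; otherwise None."""
    value = cookies.get("user", "")
    # The hex tag never contains a dot, so split on the last one.
    username, sep, tag = value.rpartition(".")
    if not sep or not username:
        return None  # missing cookie, or a bare username with no tag
    expected = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so odd client input cannot raise.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return username
    return None
```

A signed cookie of this form has no expiry or revocation; a random session identifier stored server-side addresses both.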
