AlayaCare's Procura Portal 9.0.1.2 Vulnerability: Authentication Cookie Forgery

AlayaCare's Procura Portal 9.0.1.2 Vulnerability: Authentication Cookie Forgery

CVE-2023-6451 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

Learn more about our Web Application Penetration Testing UK.