Skip to main content

Credentials Management Errors

CVE-2008-7311

Severity Medium
Score 5/10

Summary

The session cookie store implementation in Spree through 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • NONE
  • NONE

CWE-255 - Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

References

Advisory Timeline

  • Published