Credentials Management Errors
CVE-2008-7311
Summary
The session cookie store implementation in Spree through 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
- LOW
- NETWORK
- NONE
- PARTIAL
- NONE
- NONE
CWE-255 - Credentials Management Errors
Weaknesses in this category are related to the management of credentials.
References
Advisory Timeline
- Published