CVE-2024-27905: Apache Aurora: padding oracle can allow construction an authentication cookie

Open Source Security

Posted by Arnout Engelen on Feb 27

Severity: important

Affected versions:

- Apache Aurora 0.5.0 or later

Description:

** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache
Aurora.

An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous
attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in…