CVE-2023-6451

Publicly Known Cryptographic Machine Key In AlayaCare's Procura Portal Application

Discovered by Jake Cleland on behalf of The Missing Link Security

Vulnerability Details

Procura Portal by AlayaCare before v9.0.1.2 uses a publicly known cryptographic machine key, allowing unauthenticated attackers to forge and encrypt their own authentication cookies. This leads to an authentication bypass that grants attackers access to the application and any data contained therein.

Affected Versions

Before 9.0.1.2

Fixed Versions

Fixed in 9.0.1.2
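
A defender-side check for the condition described under Vulnerability Details, added here as an example and not taken from the advisory or from AlayaCare: it audits a configuration file for key material that is shipped statically and compares it against a deny list of known-public keys held as SHA-256 fingerprints. Assumptions: "machine key" means the ASP.NET `<machineKey>` element in `web.config` (the advisory does not name the file), and the function names, sample configurations and key values are constructed placeholders.

```python
import hashlib
import xml.etree.ElementTree as ET

# Attributes of the ASP.NET <machineKey> element that carry key material.
KEY_ATTRS = ("validationKey", "decryptionKey")


def fingerprint(key_hex):
    """SHA-256 of the normalised key, so deny lists never hold raw keys."""
    return hashlib.sha256(key_hex.strip().upper().encode("ascii")).hexdigest()


def audit_machine_key(config_xml, known_public):
    """Return one finding per statically configured key in a web.config document."""
    findings = []
    root = ET.fromstring(config_xml)
    for mk in root.iter("machineKey"):
        for attr in KEY_ATTRS:
            value = mk.get(attr, "AutoGenerate")
            if value.split(",")[0].strip().lower() == "autogenerate":
                continue  # key is generated per machine at runtime, not shipped
            if fingerprint(value) in known_public:
                findings.append(f"{attr}: matches a publicly known key, rotate now")
            else:
                findings.append(f"{attr}: static key in config, confirm it is unique to this install")
    return findings


# Constructed sample input: placeholder keys, not real values from any product.
SHIPPED_KEY = "0123456789ABCDEF" * 4
SAMPLE_VULNERABLE = f"""<configuration><system.web>
  <machineKey validationKey="{SHIPPED_KEY}" decryptionKey="{'AB' * 24}"
              validation="HMACSHA256" decryption="AES" />
</system.web></configuration>"""
SAMPLE_AUTOGEN = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate" />
</system.web></configuration>"""
# Deny list of fingerprints for keys known to be public (constructed here).
KNOWN_PUBLIC = {fingerprint(SHIPPED_KEY)}

if __name__ == "__main__":
    for name, cfg in (("vulnerable", SAMPLE_VULNERABLE), ("autogen", SAMPLE_AUTOGEN)):
        print(name, audit_machine_key(cfg, KNOWN_PUBLIC))
```

A static key that is absent from the deny list is still reported, because a key shipped identically with every installation is known to anyone who has a copy of the installer.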
