We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-49261

Sensitive authentication-related value accessible publicly



AssignerCERT-PL
Reserved2023-11-24
Published2024-01-12
Updated2024-09-04

Description

The "tokenKey" value used in user authorization is visible in the HTML source of the login page.

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
0x4004d293e0

Any version before 2310271149
affected

Credits

Robert Pogorzelski (SEQRED) 0x4004d29430

References

https://cert.pl/en/posts/2024/01/CVE-2023-49253/ third-party-advisory

https://cert.pl/posts/2024/01/CVE-2023-49253/ third-party-advisory

cve.org CVE-2023-49261

nvd.nist.gov CVE-2023-49261

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-49261
Subscribe to our newsletter to learn more about our work.