CVE-2023-6451

Summary

Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.

Affected Software

VendorProductVersion RangeStatus
AlayaCareProcura Portal0 < 9.0.1.2affected

Weaknesses

  • CWE-1394: CWE-1394

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References