Unrated severity · OSV Advisory · Published Apr 7, 2019 · Updated Aug 4, 2024
CVE-2019-10907
Description
Airsonic 10.2.1 uses Spring's default remember-me mechanism, which is based on MD5, with a fixed key of "airsonic" in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially brute-force the passwords of the associated users offline.
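The cookie layout behind this description, as an added example (not Airsonic's or Spring's code): it follows the format Spring Security documents for its token-based remember-me cookie, base64(username:expiry:md5Hex(username:expiry:password:key)). The user name, password and timestamp are constructed sample values, and the random per-installation key is an assumed mitigation, not taken from the referenced commit.

```python
import base64
import hashlib
import hmac
import secrets

FIXED_KEY = "airsonic"  # the key value named in the advisory text


def _sig(username, expiry_ms, password, key):
    # md5Hex(username:expiry:password:key); password is the stored value
    data = f"{username}:{expiry_ms}:{password}:{key}".encode()
    return hashlib.md5(data).hexdigest()


def make_cookie(username, expiry_ms, password, key):
    """Build a remember-me cookie value in the documented MD5 layout."""
    raw = f"{username}:{expiry_ms}:{_sig(username, expiry_ms, password, key)}"
    return base64.b64encode(raw.encode()).decode().rstrip("=")


def parse_cookie(cookie):
    """Decode a cookie into (username, expiry_ms, signature_hex)."""
    padded = cookie + "=" * (-len(cookie) % 4)  # restore stripped padding
    username, expiry, sig = base64.b64decode(padded).decode().rsplit(":", 2)
    return username, int(expiry), sig


def verify_cookie(cookie, stored_password, key, now_ms):
    """Server-side check: not expired, signature matches stored password."""
    username, expiry_ms, sig = parse_cookie(cookie)
    if expiry_ms < now_ms:
        return False
    expected = _sig(username, expiry_ms, stored_password, key)
    return hmac.compare_digest(sig, expected)


def new_install_key():
    """Assumed mitigation: random key generated once per installation."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    user, expiry, pw = "alice", 1554595200000, "constructed-sample-pw"
    weak = make_cookie(user, expiry, pw, FIXED_KEY)
    print(parse_cookie(weak))  # user name and expiry travel in the clear
    # Same key on every install: the password is the only unknown MD5 input.
    print(verify_cookie(weak, pw, FIXED_KEY, now_ms=0))            # True
    strong = make_cookie(user, expiry, pw, new_install_key())
    print(verify_cookie(strong, pw, FIXED_KEY, now_ms=0))          # False
```

With a key that is identical on every installation, the signature adds no secret beyond the password itself; a key generated per installation restores a second unknown input.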
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
- github.com/airsonic/airsonic/commit/3e07ea52885f88d3fbec444dfd592f27bfb65647 (mitre, x_refsource_MISC)