CVE-2024-41290

Vulnerability

FlatPress CMS version 1.3.1 (and possibly 1.3) stores authentication data, including usernames and hashed passwords, directly in client-side cookies instead of using secure session management. This insecure practice exposes sensitive credentials to anyone who can access the browser's cookie store or intercept network traffic [1].

Exploitation

An attacker who gains access to a victim's cookies—via cross-site scripting (XSS), man-in-the-middle attack, or physical access to the browser—can extract the stored usernames and hashed passwords. The attacker can then attempt to crack the hashes offline using standard tools or reuse the cookies directly to impersonate the authenticated user [1].

Impact

Successful exploitation leads to full account takeover. The attacker can impersonate the victim within FlatPress CMS, and if the hashed password is weak, they may recover the plaintext credential—potentially endangering other services where the same password is reused [1].

Mitigation

As of the available references, no official patch has been released by the vendor. Administrators should monitor the FlatPress project for updates and consider implementing a reverse proxy that strips or encrypts such cookies, or migrate to a CMS version that uses server-side sessions to store authentication data [1].