CVE-2020-26172

Sažetak

Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp.

Reference

https://blog.to.com/advisory-tangro-bwf-1-17-5-multiple-vulnerabilities/
https://www.tangro.de/

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

21-12-2020 - 21:11

Objavljeno

18-12-2020 - 10:15