config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-01-02T11:00:00
Updated: 2024-08-06T18:01:19.691Z
Reserved: 2013-12-28T00:00:00
Link: CVE-2013-7222
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-01-02T14:59:04.063
Modified: 2014-01-03T17:12:35.577
Link: CVE-2013-7222
Redhat
No data.