Security Advisory

CVE-2019-10907

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-04-07 13:32:37

Last updated 2024-08-04 22:40:15

Assigner mitre

State PUBLISHED

Description

Airsonic 10.2.1 uses Springs default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users.

← Browse all CVEs View on cve.org ↗