Vulnerabilities > CVE-2008-7311 - Credentials Management vulnerability in Spreecommerce Spree 0.2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |