Vulnerabilities > CVE-2013-7134 - Credentials Management vulnerability in Phusion Juvia

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

phusion

CWE-255

NVD

Published: 2014-04-29

Updated: 2014-04-29

Summary

Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies.

Vulnerable Configurations

Part	Description	Count
Application	Phusion Phusion Juvia -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.openwall.com/lists/oss-security/2013/12/16/3
http://www.openwall.com/lists/oss-security/2013/12/18/1
https://github.com/phusion/juvia/issues/55