CVE-2023-51840.md

BUG_Author: Kelsey Tian

Affected Version: DoraCMS - 2.1.8

Vendor: doramart https://github.com/doramart

Software: https://github.com/doramart/DoraCMS

Vulnerability File: doramart/DoraCMS#262

  1. backstage/adminGroup/src/utils/crypto.js, line 12.

Vulnerability Type: CWE-321 Use of Hard-coded Cryptographic Key

Attack Type: Remote

Impact: Information Disclosure

Severity: High

Description: DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key.

  1. Using a fixed key weakens the encryption because an attacker can guess or predict it. To enhance security, use randomly generated keys and ensure that keys are stored and transmitted securely.

References: doramart/DoraCMS#262 https://github.com/doramart/DoraCMS