icon

We found results for “

CVE-2015-8314

Good to know:

icon

Date: December 15, 2015

Devise version before 3.5.4 uses cookies to implement a “Remember me” functionality.However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the application indefinitely.

Language: Ruby

Severity Score

Severity Score

Top Fix

icon

Upgrade Version

Upgrade to version v3.5.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us