Auto-Generated Password Vulnerability In Sitevision Leaks Signing Key

A critical security flaw in Sitevision CMS versions 10.3.1 and older has exposed SAML authentication signing keys, enabling potential authentication bypass and session hijacking. The vulnerability, tracked as CVE-2022-35202, stems from weak auto-generated passwords protecting Java keystores, which could be extracted and brute-forced to compromise private keys. Sitevision, a widely adopted content management system in […]

The post Auto-Generated Password Vulnerability In Sitevision Leaks Signing Key appeared first on Cyber Security News.
