Strap versions prior to 3.6.9 and 4.1.5 disclose a user's password due to simply base64 encoding it and sticking it in a cookie.
069e678d219ce2bfcd777e3fcf09ee5a7c59fe5b6c563e15e918fd0877c7aff7
© 2024 Packet Storm. All rights reserved.