Remove use of hard coded secret #56
By using a hard-coded secret, a would-be attacker could manipulate the cookie data and re-sign it using the same cookie secret, potentially leading to an authentication bypass and privilege escalation.
CVSS v3 Score
CVSS v3 Vector
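The remediation pattern for the issue described above, as an added example that is not code from this repository or pull request: the signing key is read from the deployment environment at startup, and a cookie signed with any other key fails verification. The variable name `COOKIE_SECRET`, the 32-byte minimum, and the `body.mac` cookie layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

MIN_SECRET_BYTES = 32  # assumption: minimum key length accepted at startup


def load_cookie_secret(env=os.environ, var="COOKIE_SECRET"):
    """Read a hex-encoded signing key from the environment, never from source.

    Fails closed: a missing, malformed or short value stops startup instead
    of falling back to a default that would be identical in every deployment.
    """
    try:
        key = bytes.fromhex(env.get(var, ""))
    except ValueError:
        raise RuntimeError(f"{var} is not valid hex") from None
    if len(key) < MIN_SECRET_BYTES:
        raise RuntimeError(f"{var} is missing or shorter than {MIN_SECRET_BYTES} bytes")
    return key


def sign(payload: bytes, key: bytes) -> str:
    """Return 'base64url(payload).hex(HMAC-SHA256)' (hypothetical cookie layout)."""
    body = base64.urlsafe_b64encode(payload).decode()
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def verify(cookie: str, key: bytes):
    """Return the payload if the MAC matches under this key, else None."""
    body, sep, mac = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes operands also tolerate non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return base64.urlsafe_b64decode(body.encode())
```

A suitable value can be generated once per deployment with `python -c "import secrets; print(secrets.token_hex(32))"` and stored in the deployment's secret store.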