Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-10907

Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of airsonic in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially bruteforce offline the passwords of associated users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
Products affected by CVE-2019-10907


Contact Us

Shodan ® - All rights reserved