
Vulnerability Details CVE-2023-42446

Pow is an authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking because expired keys are not invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.0%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2023-42446
  • Powauth » Pow » Version: 1.0.14
    cpe:2.3:a:powauth:pow:1.0.14
  • Powauth » Pow » Version: 1.0.15
    cpe:2.3:a:powauth:pow:1.0.15
  • Powauth » Pow » Version: 1.0.16
    cpe:2.3:a:powauth:pow:1.0.16
  • Powauth » Pow » Version: 1.0.17
    cpe:2.3:a:powauth:pow:1.0.17
  • Powauth » Pow » Version: 1.0.18
    cpe:2.3:a:powauth:pow:1.0.18
  • Powauth » Pow » Version: 1.0.19
    cpe:2.3:a:powauth:pow:1.0.19
  • Powauth » Pow » Version: 1.0.20
    cpe:2.3:a:powauth:pow:1.0.20
  • Powauth » Pow » Version: 1.0.21
    cpe:2.3:a:powauth:pow:1.0.21
  • Powauth » Pow » Version: 1.0.22
    cpe:2.3:a:powauth:pow:1.0.22
  • Powauth » Pow » Version: 1.0.23
    cpe:2.3:a:powauth:pow:1.0.23
  • Powauth » Pow » Version: 1.0.24
    cpe:2.3:a:powauth:pow:1.0.24
  • Powauth » Pow » Version: 1.0.25
    cpe:2.3:a:powauth:pow:1.0.25
  • Powauth » Pow » Version: 1.0.26
    cpe:2.3:a:powauth:pow:1.0.26
  • Powauth » Pow » Version: 1.0.27
    cpe:2.3:a:powauth:pow:1.0.27
  • Powauth » Pow » Version: 1.0.28
    cpe:2.3:a:powauth:pow:1.0.28
  • Powauth » Pow » Version: 1.0.29
    cpe:2.3:a:powauth:pow:1.0.29
  • Powauth » Pow » Version: 1.0.30
    cpe:2.3:a:powauth:pow:1.0.30
  • Powauth » Pow » Version: 1.0.31
    cpe:2.3:a:powauth:pow:1.0.31
  • Powauth » Pow » Version: 1.0.32
    cpe:2.3:a:powauth:pow:1.0.32
  • Powauth » Pow » Version: 1.0.33
    cpe:2.3:a:powauth:pow:1.0.33

