CVE-2019-10907

Airsonic 10.2.1 uses Spring's default remember-me mechanism based on MD5, with a fixed key of "airsonic" in GlobalSecurityConfig.java. An attacker able to capture cookies might be able to trivially brute-force the passwords of the associated users offline.

package   channel         channel version                   pkg version  status
airsonic  nixos-19.03     2019-05-20 19:26:33 UTC (cdec62)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-19 05:45:38 UTC (705986)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-18 19:20:38 UTC (cff736)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-18 14:40:37 UTC (51cc0e)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-18 12:10:29 UTC (c86f09)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-16 07:25:27 UTC (c21f08)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-15 23:05:36 UTC (f5493b)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-14 10:50:48 UTC (7cd2e4)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-14 04:40:47 UTC (af657b)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-12 22:55:17 UTC (727e5b)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-12 18:15:28 UTC (c2570e)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-12 06:15:30 UTC (312a05)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-10 05:55:42 UTC (7bb74e)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-09 23:45:28 UTC (2ec36d)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-09 11:30:25 UTC (096e2f)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-08 07:05:44 UTC (aade6d)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-08 03:25:43 UTC (a04ef7)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-07 18:25:28 UTC (3e7300)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-07 12:25:52 UTC (2dcbd4)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-07 03:45:44 UTC (2df17e)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-06 22:45:43 UTC (8c6c85)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-06 19:05:39 UTC (6ec097)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-05 20:50:42 UTC (a177da)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-05 11:55:39 UTC (6e29f2)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-05 08:25:33 UTC (04954e)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-02 22:00:31 UTC (915ce0)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-02 14:05:46 UTC (2e6afa)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-02 10:40:42 UTC (b2b5c1)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-05-01 17:25:26 UTC (d740b2)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-30 23:15:17 UTC (6d7ed9)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-25 16:05:41 UTC (cf3e27)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-24 14:30:20 UTC (2f1eac)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-24 10:40:27 UTC (893541)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-23 19:20:27 UTC (793640)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-22 06:20:19 UTC (330b9f)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-21 17:40:24 UTC (454eea)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-21 16:40:14 UTC (83e778)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-21 10:05:20 UTC (73c885)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-20 19:45:16 UTC (b807bc)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-19 19:40:31 UTC (8ea36d)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-17 11:30:25 UTC (7b3696)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-16 15:30:40 UTC (ea4979)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-10 15:10:50 UTC (5c52b2)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-10 14:15:29 UTC (63f250)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-10 10:35:28 UTC (f52505)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-10 08:25:33 UTC (0363ab)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-08 01:00:36 UTC (67bc63)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-05 01:55:19 UTC (91fa69)  10.2.1       vulnerable
airsonic  nixos-19.03     2019-04-04 23:20:18 UTC (e18a58)  10.2.1       vulnerable
airsonic  nixos-unstable  2019-05-03 17:40:38 UTC (190727)  10.2.1       vulnerable
airsonic  nixos-unstable  2019-04-30 23:35:46 UTC (aeb464)  10.2.1       vulnerable
airsonic  nixos-unstable  2019-04-25 16:30:32 UTC (dfd8f8)  10.2.1       vulnerable
airsonic  nixos-unstable  2019-04-24 12:55:41 UTC (0620e0)  10.2.1       vulnerable
airsonic  nixos-unstable  2019-04-21 22:55:37 UTC (d26027)  10.2.1       vulnerable
airsonic  nixos-unstable  2019-04-16 15:55:38 UTC (1fc591)  10.2.1       vulnerable
airsonic  nixos-unstable  2019-04-07 21:55:33 UTC (acbdaa)  10.2.1       vulnerable
airsonic  nixos-unstable  2019-04-05 11:20:44 UTC (d956f2)  10.2.1       vulnerable