Authentication Token Vulnerability in Progress Sitefinity by Progress Software
CVE-2017-18179
8.8 HIGH
What is CVE-2017-18179?
In Progress Sitefinity 9.1, wrap_access_token is used as a non-expiring authentication token: it is not invalidated by a password change or by session termination. Because the token is also exposed in GET parameters, this design flaw allows unauthorized access. The issue was resolved in version 10.1.