Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Express express-session Weak Secret Key Detected

Severity: Medium
Summary#

Invicti detected that a weak secret is used in Express sessions.

The Express web application uses the express-session middleware. The middleware stores a session id in a cookie and uses a secret key to sign it for protection against data tampering. The application is using a weak/known secret key and Invicti managed to guess this key.

Impact#

An attacker can tamper the session id in the cookie.

Actions To Take#

Change the value of the secret key to a long random string.

Classifications#
, , , ,

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works