krastanoel

CVE-2021-41171

Product

eLabFTW - A free and open source electronic lab notebook designed by researchers, for researchers, with usability in mind

Version Affected

eLabFTW before 4.1.0

Description

eLabFTW before 4.1.0 allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in the HTTP Cookie header.
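The following is an added example, not eLabFTW's code: a simplified model of why a failed-login counter tied to the session, as the description implies, stops counting once the cookie value changes, next to a counter keyed on values the server observes. The threshold, the request field names and the account-plus-address key are assumptions made for the example and are not necessarily the fix shipped in 4.1.0.

```python
from collections import defaultdict

MAX_FAILURES = 3  # assumed threshold, chosen for this example


class LoginLimiter:
    """Counts failed logins under a caller-chosen key and locks at MAX_FAILURES."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.failures = defaultdict(int)

    def attempt(self, request, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login request."""
        key = self.key_fn(request)
        if self.failures[key] >= MAX_FAILURES:
            return "locked"
        if password_ok:
            self.failures.pop(key, None)  # a successful login resets the counter
            return "ok"
        self.failures[key] += 1
        return "failed"


def by_session(request):
    # Weak: the key is the PHPSESSID cookie, a value the client chooses.
    return request["cookie_phpsessid"]


def by_account_and_ip(request):
    # Hardened: both parts are observed or validated on the server side.
    return (request["username"].lower(), request["remote_addr"])


def count_unblocked(limiter, requests):
    """Number of wrong-password requests processed rather than rejected as locked."""
    return sum(limiter.attempt(r, password_ok=False) != "locked" for r in requests)


# Constructed sample traffic: ten failed logins for one account from one
# address, each carrying a different made-up PHPSESSID value.
SAMPLE = [
    {"username": "alice", "remote_addr": "192.0.2.10", "cookie_phpsessid": f"sess{i:02d}"}
    for i in range(10)
]

if __name__ == "__main__":
    print("session-keyed:", count_unblocked(LoginLimiter(by_session), SAMPLE))
    print("account+ip-keyed:", count_unblocked(LoginLimiter(by_account_and_ip), SAMPLE))
```

Keying on the account alone would also cover attempts spread over many addresses, at the cost of letting anyone lock a user out.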

Technical Details

The technical details and exploitation can be found in the published paper.

Timeline

References