
H3-2023-0002

Flask Authentication Bypass Misconfiguration

Category: SECURITY_MISCONFIGURATION
Base Score: 7.3

Description

The web application hosted on this server is configured with a weak Flask secret key.

Impact

Attackers can use the weak Flask secret key to forge authentication tokens and access the web application with the privileges of the impersonated user. What an attacker can do with that access depends on the application.
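A startup check for the weakness described above, as an added example that is not part of the original advisory or of Flask itself. The function names, the list of placeholder values and the 32-byte / 128-bit thresholds are assumptions chosen for illustration.

```python
import math
import secrets
from collections import Counter

# Constructed sample of placeholder values often left in configs (not from the advisory).
KNOWN_WEAK = {"secret", "secret_key", "changeme", "dev", "development",
              "password", "flask", "mysecret", "supersecret", "default"}
MIN_BYTES = 32          # assumed policy: at least 32 bytes of key material
MIN_ENTROPY_BITS = 128  # assumed policy: Shannon estimate over the key's bytes


def shannon_bits(key: bytes) -> float:
    """Upper-bound estimate: per-byte Shannon entropy times length."""
    if not key:
        return 0.0
    counts = Counter(key)
    n = len(key)
    per_byte = -sum(c / n * math.log2(c / n) for c in counts.values())
    return per_byte * n


def audit_secret_key(key) -> list:
    """Return a list of findings; an empty list means the key passed every check."""
    if key is None:
        return ["SECRET_KEY is not set"]
    raw = key.encode() if isinstance(key, str) else bytes(key)
    findings = []
    if raw.decode("utf-8", "ignore").strip().lower() in KNOWN_WEAK:
        findings.append("key is a known default or placeholder value")
    if len(raw) < MIN_BYTES:
        findings.append(f"key is {len(raw)} bytes, shorter than {MIN_BYTES}")
    if shannon_bits(raw) < MIN_ENTROPY_BITS:
        findings.append("key has low estimated entropy (repetitive or short)")
    return findings


def new_secret_key() -> str:
    """Generate 32 random bytes from the OS CSPRNG, hex-encoded (64 characters)."""
    return secrets.token_hex(32)


def require_strong_key(key) -> None:
    """Call at startup so the app refuses to serve with a weak key."""
    findings = audit_secret_key(key)
    if findings:
        raise RuntimeError("weak Flask SECRET_KEY: " + "; ".join(findings))
```

The entropy estimate catches repetition, not guessability: a long dictionary phrase can pass it, so keys should be generated with `new_secret_key()` rather than chosen by hand. Rotating the key invalidates every session signed under the old one.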
