790f388fb3
These cookies can be used for authentication bypass, like it's explained here:
https://github.com/u238/grafana-CVE-2018-15727
https://grafana.com/blog/2019/04/29/grafana-5.4.4-and-6.1.6-released-with-important-security-fix/

The module takes a username and generates a bad salted cookie. It also takes one of these cookies to decrypt the username out of it. Both cookies have to be set, whereas an existing session cookie should have been deleted before getting access.

I wrote it in Python since I had a lot of different results while calculating this task comparing the Go and Ruby crypto libraries.