Insecure configuration exposes Apache Superset servers to RCE attacks
SC Magazine feed for Strategy www.scmagazine.com
Nearly 2,000 internet-exposed Apache Superset servers used by government entities, corporations, universities, and others are at risk of authentication bypass and remote code execution attacks due to the servers' use of the default Flask Secret Key for authentication session cookie signing, BleepingComputer reports.