Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-12T20:31:47
Updated: 2024-08-04T15:19:09.368Z
Reserved: 2020-08-27T00:00:00
Link: CVE-2020-24719
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-11-12T21:15:10.917
Modified: 2024-11-21T05:15:57.893
Link: CVE-2020-24719
Redhat
No data.