CVE-2020-5222— Hard-Coded Key Used For Remember-me Token in OpenCast
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-5222
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hard-Coded Key Used For Remember-me Token in OpenCast
Source: NVD (National Vulnerability Database)
Vulnerability Description
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
Opencast 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Opencast是Opencast组织的一款用于大规模自动视频捕获,管理和分发的直播视频支撑软件。 Apereo Opencast 7.6之前版本和8.1之前版本中存在信任管理问题漏洞。攻击者可借助一个服务器的remember-me令牌利用该漏洞访问同一集群中的所有设备。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2020-5222
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-5222
请登录查看更多情报信息。
- https://github.com/opencast/opencast/security/advisories/GHSA-mh8g-hprg-8363x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-5222
Same Patch Batch · opencast · 2020-01-30 · 6 CVEs total
| CVE-2020-5206 | 8.7 HIGH | Authentication Bypass For Endpoints With Anonymous Access in OpenCast |
| CVE-2020-5229 | 7.7 HIGH | Opencast stores passwords using outdated MD5 hash algorithm |
| CVE-2020-5230 | 7.7 HIGH | Opencast uses unsafe identifiers |
| CVE-2020-5228 | 7.6 HIGH | Opencast allows unauthorized public access via OAI-PMH |
| CVE-2020-5231 | 4.8 MEDIUM | Opencast users with ROLE_COURSE_ADMIN can create new users |
IV. Related Vulnerabilities
Same product: opencast
- CVE-2025-61906
Opencast's editor accidentally publishes videos/overwrites p - CVE-2025-61788
Opencast Paella Player 7 vulnerable to Cross-Site-Scripting - CVE-2025-55202
Opencast has a partial path traversal vulnerability in UI co - CVE-2025-54380
Opencast still publishes global system account credentials - CVE-2024-52797
Searching Opencast may cause a denial of service
Same vendor: opencast
- CVE-2025-61906
Opencast's editor accidentally publishes videos/overwrites p - CVE-2025-61788
Opencast Paella Player 7 vulnerable to Cross-Site-Scripting - CVE-2025-55202
Opencast has a partial path traversal vulnerability in UI co - CVE-2025-54380
Opencast still publishes global system account credentials - CVE-2024-52797
Searching Opencast may cause a denial of service
Same weakness: CWE-798
- CVE-2026-7414
Hardcoded credentials in Yarbo robot firmware - CVE-2026-8032
PicoTronica e-Clinic Healthcare System ECHS echs.js hard-cod - CVE-2026-32834
Easy PayPal Events & Tickets 1.3 Authentication Bypass via Q - CVE-2026-42376
D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials - CVE-2026-42375
D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials
V. Comments for CVE-2020-5222
No comments yet