H3-2022-0064
Rails Secret Token Exposure
Category | SECURITY_MISCONFIGURATION |
Base Score | 7.5 |
Description
All Rails apps have a randomly generated secret token. This token is generated automatically and is often left unsecured.
Impact
An unauthenticated attacker can abuse the secret token to impersonate any user in the application and gain access to potentially sensitive data.
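One way to check a code base for the "left unsecured" condition described above is to look for the secret committed as a literal rather than read from the environment. This is an added example, not part of the original advisory. The file locations (`config/initializers/secret_token.rb`, `config/secrets.yml`), the sample contents and the 30-character heuristic are assumptions chosen for illustration.

```ruby
# Added example (not from the advisory): flag Rails secrets committed as literals.
FAKE = 'deadbeef' * 8 # constructed placeholder value, not a real secret

# Constructed sample of a Rails 3.x/4.0 style initializer.
SAMPLE_INITIALIZER = <<~RUBY
  # config/initializers/secret_token.rb
  Demo::Application.config.secret_token = '#{FAKE}'
  Demo::Application.config.secret_key_base = ENV.fetch('SECRET_KEY_BASE')
RUBY

# Constructed sample of a Rails 4.1+ style config/secrets.yml.
SAMPLE_SECRETS_YML = <<~YAML
  production:
    secret_key_base: #{FAKE}
  staging:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
YAML

ASSIGNMENT = /\b(secret_token|secret_key_base)\b\s*[=:]\s*(.+?)\s*$/
CANDIDATE_FILES = %w[config/initializers/secret_token.rb config/secrets.yml].freeze

# Returns [[line_number, key], ...] for lines that set a secret to a literal.
def hardcoded_rails_secrets(text)
  findings = []
  text.each_line.with_index(1) do |line, number|
    code = line.sub(/(^|\s)#.*$/, '') # ignore comments
    match = code.match(ASSIGNMENT) or next
    key, value = match[1], match[2]
    # Values resolved at runtime (environment, ERB, credentials) are fine.
    next if value.include?('ENV') || value.include?('<%') ||
            value.include?('credentials') || value.include?('#{')
    bare = value.gsub(/\A['"]|['"]\z/, '')
    # Heuristic (assumption): a long alphanumeric literal is a real secret.
    findings << [number, key] if bare.match?(/\A[0-9A-Za-z]{30,}\z/)
  end
  findings
end

# Scans the assumed file locations under a Rails app root.
def scan_rails_app(root)
  CANDIDATE_FILES.each_with_object({}) do |rel, out|
    path = File.join(root, rel)
    next unless File.file?(path)
    hits = hardcoded_rails_secrets(File.read(path))
    out[rel] = hits unless hits.empty?
  end
end
```

Any finding means the secret is readable by anyone with access to the repository or a deployed copy of the file, so it should be rotated and moved out of source control.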