Vulnerabilities

CVE-2025-60794

by Fred · 20/11/2025

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access techniques, potentially leading to session hijacking.

More information : https://github.com/perfood/couch-auth

Similar

Tags: Cybersecurity Alert