cookie-encrypter issues

Passing in an array of secrets doesn't work

The Readme says `secret` can be "a string or array used for encrypting cookies.". But the code doesn't handle arrays so fails here: ``` if (algorithm === 'aes256' && key.length...

philipbeber

Security warning: Replay attack possible

1

If I am not completely mistaken the encryption lacks a proper randomization and therefore is susceptible to a replay attack. Who would prevent an attacker from intercepting an encrypted cookie...

clecap

Add an option to set the encoding for the encrypted cookie

In order to reduce the number of bytes used in the cookie, I had to use a different encoding. Maybe other people have similar issues when the cookie content grows...

nexx512

Vulnerable to bit flipping CVE-2024-53441

# cookie-encrypter Vulnerability Let's imagine a website with the following source code: ```js const express = require('express'); const cookieParser = require('cookie-parser'); const cookieEncrypter = require('cookie-encrypter'); const app = express(); app.use(cookieParser("NicePasswordHereItIsAGoodSecret!"));...

mathysEthical

cookie-encrypter
cookie-encrypter copied to clipboard

Metadata

Passing in an array of secrets doesn't work

Security warning: Replay attack possible

Add an option to set the encoding for the encrypted cookie

Vulnerable to bit flipping CVE-2024-53441

← Metadata

Owner

Metadata

cookie-encrypter cookie-encrypter copied to clipboard

Metadata

Passing in an array of secrets doesn't work

Security warning: Replay attack possible

Add an option to set the encoding for the encrypted cookie

Vulnerable to bit flipping CVE-2024-53441

← Metadata

Owner

Metadata

cookie-encrypter
cookie-encrypter copied to clipboard