The Express web application uses the express-session middleware. The middleware stores a session id in a cookie and uses a secret key to sign it for protection against data tampering. The application is using a weak/known secret key and Acunetix managed to guess this key.


Change the value of the secret key to a long random string.


Related Vulnerabilities