---
gem: authlogic
cve: 2012-6497
osvdb: 89064
url: https://nvd.nist.gov/vuln/detail/CVE-2012-6497
title: Ruby on Rails Authlogic Gem secret_token.rb Known secret_token Value Weakness
date: 2012-12-21
description: |
  Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered
  when the program makes an unsafe method call for find_by_id. With a specially
  crafted parameter in an environment that knows the secret_token value in
  secret_token.rb, a remote attacker to more easily conduct SQL injection
  attacks.
patched_versions:
  - ">= 3.3.0"