
Critical StrongDM Vulnerability Enables Authentication Theft
A critical authentication vulnerability in StrongDM’s Windows desktop application allowed attackers to hijack active user sessions simply by stealing and replaying a single plaintext state file, with no passwords, no phishing, and no elevated privileges required. Tracked as CVE-2026-4387 and classified under CWE-312 (Cleartext Storage of Sensitive Information), the flaw was discovered by SpecterOps and publicly disclosed on June 1, […]
The post Critical StrongDM Vulnerability Enables Authentication Theft appeared first on Cyber Security News.