EIP-2026-110154

PRE-CVE

Online Password Manager 4.1 - Insecure Cookie Handling

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110154. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in Online Password Manager v4.1, allowing an attacker to bypass authentication by setting the 'auth' cookie to an arbitrary value (e.g., 'admin') via JavaScript.

Description

Online Password Manager 4.1 - Insecure Cookie Handling

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/8450

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie handling vulnerability in Online Password Manager v4.1, allowing an attacker to bypass authentication by setting the 'auth' cookie to an arbitrary value (e.g., 'admin') via JavaScript.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Online Password Manager v4.1

No auth needed

Prerequisites: Victim must execute the provided JavaScript code

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026