Product
Operator session tokens in ForgeKeep's nebula-mesh application are stored in plaintext within the database, allowing an attacker who gains read access to the database to retrieve active session tokens and hijack operator sessions, bypassing further authentication.