Get Demo
Apache Shiro before 1.4.2, when using the default remember me configuration, cookies could be susceptible to a padding attack.