Publicly known cryptographic machine key in AlayaCares Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the applications authentication mechanisms.
The product uses a default cryptographic key for potentially critical functionality.