Well-Known Ruby on Rails Secret Token Used on Remote Application
Medium Nessus Plugin ID 64298
Synopsis
The Ruby on Rails application on the remote host reuses secret tokens.
Description
The Ruby on Rails application on the remote host uses a well-known secret token to sign and encrypt cookies / data.
Solution
If you control the configuration of this application, generate a proper secret token and make sure it isn't publicly shared. The secret file is located at :
Ensure this value is truly unique. If you do not control it, there may be a vendor-provided upgrade that makes it unique per installation.
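The following audit sketch is an added example, not the plugin's own code. It checks whether a signed cookie issued by your application validates under any secret on a list of publicly known values, and generates a fresh per-installation replacement. It assumes the legacy signed-cookie layout `<base64 payload>--<hex HMAC-SHA1>`; the entries in `KNOWN_SECRETS`, the sample cookie and all method names are constructed for illustration.

```ruby
require "openssl"
require "securerandom"
require "base64"

# Constructed stand-ins for secrets published in public repositories; not real values.
KNOWN_SECRETS = {
  "example-app default (constructed)" => "a" * 64,
  "tutorial sample (constructed)"     => "0123456789abcdef" * 4
}.freeze

# Assumed legacy layout: the digest is HMAC-SHA1 over the base64 payload string.
def sign(payload_b64, secret)
  OpenSSL::HMAC.hexdigest("SHA1", secret, payload_b64)
end

# Compare two strings without returning early on the first differing byte.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the label of the known secret that validates the cookie, or nil.
def known_secret_for(cookie, candidates = KNOWN_SECRETS)
  payload, digest = cookie.split("--", 2)
  return nil if payload.nil? || payload.empty?
  return nil unless digest =~ /\A\h{40}\z/ # SHA-1 digest is 40 hex characters
  candidates.each do |label, secret|
    return label if constant_time_eq?(sign(payload, secret), digest.downcase)
  end
  nil
end

# Fresh secret for one installation: 64 random bytes, hex encoded (128 characters).
def generate_secret
  SecureRandom.hex(64)
end

# Constructed sample cookie, built the same way the assumed layout signs data.
def make_cookie(secret)
  payload = Base64.strict_encode64("session_id=constructed")
  "#{payload}--#{sign(payload, secret)}"
end

if __FILE__ == $PROGRAM_NAME
  puts known_secret_for(make_cookie("a" * 64)).inspect
  puts known_secret_for(make_cookie(generate_secret)).inspect
end
```

A non-nil result means the application's secret is shared with other installations and must be replaced; rotating it invalidates existing sessions.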