Publicly known cryptographic machine key in AlayaCare's Procura Portal prior to 9.0.1.2 allows malicious users to forge their own authentication cookies and bypass the application's authentication mechanisms.