Описание
Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter.
EPSS
Процентиль: 35%
0.00145
Низкий
8.6 High
CVSS3
Дефекты
CWE-472
Связанные уязвимости
CVSS3: 8.6
github
11 месяцев назад
Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter.
EPSS
Процентиль: 35%
0.00145
Низкий
8.6 High
CVSS3
Дефекты
CWE-472