Description
linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted "password" and "salt". The password can then be obtained through brute-force cracking.
EPSS
Percentile: 24%
0.00083
Low
9.8 Critical
CVSS3
Weaknesses
CWE-284
Related vulnerabilities
CVSS3: 9.8
github
7 months ago
linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted "password" and "salt". The password can then be obtained through brute-force cracking.