Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
stanford webauth 信任管理漏洞
Vulnerability Description
Stanford University WebAuth 3.5.5版本,3.6.0版本,以及3.6.1版本的weblogin/login.fcgi (又称WebLogin登录脚本)在某个包含由一个POST请求向一个GET请求的转化的情况下把密码放置在URLs中。这会允许见机行事的攻击者通过读取(1)web-server访问日志,(2)web-server参考日止,或(3)浏览器历史,来发现密码。
CVSS Information
N/A
Vulnerability Type
N/A