漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token
Vulnerability Description
The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Zizai Tech Nut 信息泄露漏洞
Vulnerability Description
Zizai Tech Nut是中国自在科技(Zizai Tech)公司的一款Nut智能寻物防丢贴片产品。 Zizai Tech Nut中存在信息泄露漏洞,该漏洞源于请求中包含用户授权的会话令牌。攻击者可通过捕获会话并重新使用会话令牌利用该漏洞获取用户账户访问权限。
CVSS Information
N/A
Vulnerability Type
N/A