Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
privacyIDEA version 2.23.1 and earlier contains a Improper Input Validation vulnerability in token validation api that can result in Denial-of-Service. This attack appear to be exploitable via http request with user=<space>&pass= to /validate/check url. This vulnerability appears to have been fixed in 2.23.2.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
privacyIDEA token validation api 输入验证漏洞
Vulnerability Description
privacyIDEA是一款模块化身份验证服务器。token validation api是其中的一个令牌验证接口。 privacyIDEA 2.23.1及之前版本中的token validation api存在输入验证漏洞。攻击者可通过向/validate/check url发送含有user=<space>&pass=的http请求利用该漏洞造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A