Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ANIXIS Password Reset Client 安全漏洞
Vulnerability Description
anixis password reset client是 ANIXIS 3.22之前版本存在安全漏洞,该漏洞源于密码重置客户端定制GINA/CP模块允许远程攻击者通过欺骗来执行代码和升级特权。当客户端配置为使用HTTP时,它在打开浏览器窗口之前不会对预期的服务器进行身份验证。能够执行欺骗攻击的未经身份验证的攻击者可以重定向浏览器以在winlogin .exe进程上下文中执行。如果没有实施网络级身份验证,则可以通过RDP利用该漏洞。
CVSS Information
N/A
Vulnerability Type
N/A