Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Airsonic 加密问题漏洞
Vulnerability Description
Airsonic是一款基于网络的流媒体服务器。 Airsonic 10.2.1版本中存在安全漏洞。攻击者可利用该漏洞暴力破解密码。
CVSS Information
N/A
Vulnerability Type
N/A