Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure encryption algorithm in GLPI
Vulnerability Description
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
GLPI 加密问题漏洞
Vulnerability Description
GLPI是个人开发者的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口,你可以用它来建立数据库全面管理IT的电脑,显示器,服务器,打印机,网络设备,电话,甚至硒鼓和墨盒等。 GLPI 9.5.0版本之前存在安全漏洞,该漏洞源于使用的加密算法不安全。加密数据的安全性取决于所使用的密码,如果用户设置了弱密码/可预测的密码,攻击者可利用该漏洞解密数据。
CVSS Information
N/A
Vulnerability Type
N/A