Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Union Pay web 数据伪造问题漏洞
Vulnerability Description
UnionPay web是中国中国银联(UnionPay)公司的一个应用系统。 Union Pay for web 1.2.0之前版本存在安全漏洞,该漏洞源于密码签名不当验证漏洞,攻击者可利用该漏洞通过一个伪造的认证码(MAC)在商家网站和移动应用程序中免费购物,该认证码是由一个空密钥生成的。
CVSS Information
N/A
Vulnerability Type
N/A