Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
M/Monit 3.7.4 - Password Disclosure
Vulnerability Description
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
Tildeslash M/Monit 安全漏洞
Vulnerability Description
Tildeslash M/Monit是Tildeslash公司的一个服务器监控和管理工具。 Tildeslash M/Monit 3.7.4版本存在安全漏洞,该漏洞源于管理API端点存在身份验证漏洞,可能导致检索用户密码哈希。
CVSS Information
N/A
Vulnerability Type
N/A