Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hard-Coded Key Used For Remember-me Token in OpenCast
Vulnerability Description
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
Opencast 信任管理问题漏洞
Vulnerability Description
Opencast是Opencast组织的一款用于大规模自动视频捕获,管理和分发的直播视频支撑软件。 Apereo Opencast 7.6之前版本和8.1之前版本中存在信任管理问题漏洞。攻击者可借助一个服务器的remember-me令牌利用该漏洞访问同一集群中的所有设备。
CVSS Information
N/A
Vulnerability Type
N/A