Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of another registered user then retrieve the recovery code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
F5 NGINX Controller 授权问题漏洞
Vulnerability Description
F5 NGINX Controller是美国F5公司的一款用于NGINX的集中式监视和管理平台。该平台支持使用可视化界面管理多个NGINX实例。 F5 NGINX Controller 3.0.0版本至3.4.0版本中的NGINX Controller存在安全漏洞,该漏洞源于数据库中以纯文本格式传输并存储更改用户密码所需的恢复码。攻击者可利用该漏洞更改用户的用户密码,如果用户是管理员用户则攻击者可以完全控制NGINX Controller系统。
CVSS Information
N/A
Vulnerability Type
N/A