Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's username, but with white space inserted before and/or after the username. This will register the account with the same username as the victim. After initiating a password reset for the new account, CTFd will reset the victim's account password due to the username collision.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CTFd 授权问题漏洞
Vulnerability Description
CTFd v2.0.0至v2.2.2版本中存在授权问题漏洞,该漏洞源于程序没有正确验证用户名。攻击者可利用该漏洞控制用户账户。
CVSS Information
N/A
Vulnerability Type
N/A