Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
VeridiumAd 环境问题漏洞
Vulnerability Description
VeridiumAd是英国Veridium公司的一种企业就绪型解决方案。可为 Microsoft Active Directory 环境添加生物识别身份验证和身份保证。 VeridiumAd 2.5.3.0 中存在安全漏洞,该漏洞源于为 VeridiumAD 注册用户触发推送通知的 HTTP 请求不会强制执行适当的访问控制。用户可以为任何其他用户触发推送通知。
CVSS Information
N/A
Vulnerability Type
N/A