Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response.
CVSS Information
N/A
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
Embedthis Software GoAhead 安全漏洞
Vulnerability Description
Embedthis Software GoAhead是美国Embedthis Software公司的一款嵌入式Web服务器。 Embedthis Software GoAhead存在安全漏洞,该漏洞源于“基本”HTTP身份验证时执行密码匹配的代码不使用常量时间memcmp,也没有速率限制。攻击者可利用该漏洞通过记录web服务器的响应时间,直到未经授权的(401)响应,逐字逐句地暴力破解HTTP基本密码。
CVSS Information
N/A
Vulnerability Type
N/A