Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of Hard-coded Cryptographic Key in Netmaker
Vulnerability Description
Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter know the address and username of the admin. This effects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Gravitl Netmaker 信任管理问题漏洞
Vulnerability Description
Gravitl Netmaker是美国Gravitl公司的一个使用 WireGuard 创建和管理快速、安全和动态的虚拟覆盖网络的平台。用于创建和控制自动化虚拟网络。 Gravitl Netmaker 存在信任管理问题漏洞,该漏洞源于代码库中有一个硬编码的加密密钥,如果利用者知道管理员的地址和用户名,就可以利用该密钥在远程服务器上运行管理员命令。
CVSS Information
N/A
Vulnerability Type
N/A