Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
iTop VPN 安全漏洞
Vulnerability Description
iTop VPN是iTop公司的一款 VPN 软件。允许用户通过高级 Salsa20(chacha20)256 位加密保持匿名和安全。 iTop VPN 3.2 版本存在安全漏洞,该漏洞源于iTopVPNmini.exe 组件会尝试循环连接到 datastate_iTopVPN_Pipe_Server。 攻击者打开具有相同名称的命名管道可以使用它通过侦听连接和滥用 ImpersonateNamedPipeClient() 来获取另一个用户的令牌。
CVSS Information
N/A
Vulnerability Type
N/A