Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authentication bypass in Vartalap chat-server
Vulnerability Description
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code is not using `await` to wait for the verification result. Every time the function responds back with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Chat Server 输入验证错误漏洞
Vulnerability Description
Chat Server是ramank775个人开发者的基于微服务架构的聊天服务器,支持高可用、高吞吐、横向扩展。 Chat Server 2.3.2到2.6.0版本存在输入验证错误漏洞,该漏洞源于应用存在验证访问令牌错误。攻击者利用该漏洞可以实现身份验证绕过。
CVSS Information
N/A
Vulnerability Type
N/A