Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure random number used for generating keys for signing Jwt tokens
Vulnerability Description
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
使用不充分的随机数
Vulnerability Title
Honeywell OneWireless 安全特征问题漏洞
Vulnerability Description
Honeywell OneWireless是美国霍尼韦尔(Honeywell)公司的一种工业无线网状网络,能够同时支持 ISA100 Wireless*(IEC 62734)、WirelessHART (IEC 62591) 现场仪器(变送器、执行器等)、Wi-Fi 设备和基于以太网/IP 的设备。 Honeywell OneWireless 322.1版本存在安全漏洞,该漏洞源于使用随机值不足,攻击者利用该漏洞可以操纵客户端JWT令牌中的声明。
CVSS Information
N/A
Vulnerability Type
N/A