Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Limited Authentication bypass due to hardcoded secret
Vulnerability Description
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Pandora 信任管理问题漏洞
Vulnerability Description
Pandora是一个分析框架,用于发现文件是否可疑并方便地显示结果。 Pandora FMS v764版本存在信任管理问题漏洞,该漏洞源于存在不正确的身份验证漏洞,知道有效会话的攻击者可以滥用它来通过身份验证检查。
CVSS Information
N/A
Vulnerability Type
N/A