N/A

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically strong sequences. An attacker can predict these sequences and generate a JWT token. As a result, an attacker can get access to the Web UI. This is fixed in Object First Ootbi BETA build 1.0.13.1611.

N/A

N/A

Object First 安全特征问题特征问题漏洞

Object First是Object First公司的一个 Veeam 的最佳存储解决方案。 Object First 1.0.7.712版本存在安全特征问题漏洞，该漏洞源于JWT令牌使用不产生加密强序列的函数生成的密钥，攻击者可以预测这些序列并生成JWT令牌，允许攻击者在不知道凭据的情况下访问Web UI。

N/A

N/A