Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Impersonation through User-Controlled Token
Vulnerability Description
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user. Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CVSS Information
N/A
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Synopsys Code Dx 信任管理问题漏洞
Vulnerability Description
Synopsys Code Dx是美国新思科技(Synopsys)公司的一种漏洞管理系统。将各种静态和动态测试工具生成的结果进行组合和关联。 Synopsys Code Dx 2023.4.2之前版本存在安全漏洞,该漏洞源于在生成令牌时使用硬编码密码。
CVSS Information
N/A
Vulnerability Type
N/A