Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
asyncua 授权问题漏洞
Vulnerability Description
asyncua是Free OPC-UA Library开源的一个库。 asyncua 0.9.96 之前版本存在授权问题漏洞,该漏洞源于缺少对需要活动会话的服务的检查,容易受到不正确的身份验证的影响,因此可以在没有加密和身份验证的情况下访问地址空间。
CVSS Information
N/A
Vulnerability Type
N/A