Vulnerability Information
Vulnerability Title
Windows user name disclosure in TGstation
Vulnerability Description
TGstation is a toolset to manage production BYOND servers. In affected versions, if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade can mitigate the issue by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline, such as fail2ban.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
tgstation-server information disclosure vulnerability
Vulnerability Description
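tgstation-server is a toolset for managing production BYOND servers. Versions of TGstation prior to 5.12.5 contain an information disclosure vulnerability, which stems from the fact that usernames can be discovered by brute-forcing the login endpoint with an invalid password.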
CVSS Information
N/A
Vulnerability Type
N/A