Vulnerability Information
Vulnerability Title
User login confusion with SSO in warpgate
Vulnerability Description
Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled, an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
Improper Authentication
Vulnerability Title
Warpgate authorization issue vulnerability
Vulnerability Description
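Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux from the warp-tech project. Warpgate has an authorization issue vulnerability, which stems from the fact that when logging in as a user with SSO enabled, an attacker may authenticate as another user.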
CVSS Information
N/A
Vulnerability Type
N/A