Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
EmpowerID 授权问题漏洞
Vulnerability Description
EmpowerID是EmpowerID公司的一款一体化身份管理和云安全套件。 EmpowerID 7.205.0.1 版本之前存在安全漏洞,该漏洞源于多重认证机制存在不安全因素。在经过第一重认证之后可以修改账户的电子邮件地址。
CVSS Information
N/A
Vulnerability Type
N/A