漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Temporary storage of plaintext passwords during password changes in matrix synapse
Vulnerability Description
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
敏感数据的明文存储
Vulnerability Title
Synapse 安全漏洞
Vulnerability Description
synapse是一个应用程序。用于开放式联合即时消息和VoIP Synapse存在安全漏洞,该漏洞源于在密码更改期间临时存储了明文密码。受影响的产品和版本;Synapse 1.66.0至1.93.0之前版本。
CVSS Information
N/A
Vulnerability Type
N/A