Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
Paxton Access Net2 信任管理问题漏洞
Vulnerability Description
Paxton Access Net2是Paxton Access公司的一款应用程序,提供简单灵活的站点管理。 Paxton Access Net2存在信任管理问题漏洞,该漏洞源于安装 Net2 软件时,根证书将安装到受信任的存储中,攻击者利用该漏洞可以访问安装程序批处理文件或对源代码进行逆向工程以获取根证书密码,然后可以使用根证书和密码创建自己的证书来模拟另一个站点,最后通过建立代理服务来模拟站点,可以监控最终用户和允许访问数据内容的站点之间传递的流量。
CVSS Information
N/A
Vulnerability Type
N/A