Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
KeyIdentity LinOTP 安全漏洞
Vulnerability Description
Keyidentity KeyIdentity LinOTP是德国Keyidentity公司的是一套开源的双因素身份认证解决方案。该方案支持不同的身份验证协议、令牌类型和用户存储库等。 KeyIdentity LinOTP 3.2.5 版本存在安全漏洞,该漏洞源于通过生成重复的 API 请求,可以触发 Self Service API 中的竞争条件。
CVSS Information
N/A
Vulnerability Type
N/A