Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in the OAuth flow to conduct OAuth replay attacks. In addition, insecure randomness is used while generating multifactor authentication (MFA) secrets and creating API keys in the database package.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
Use of Insufficiently Random Values
Vulnerability Title
caddy-security security vulnerability
Vulnerability Description
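caddy-security is a security application and plugin for Caddy. Versions of caddy-security before 1.0.42 contain a security vulnerability that stems from the use of an insecure random number generation library, leaving them susceptible to insecure randomness.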
CVSS Information
N/A
Vulnerability Type
N/A
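The weakness class described above, next to its hardened form, as an added example that is not code from caddy-security. The advisory does not name the insecure library, so Go's math/rand is assumed as a stand-in; weakNonce, strongToken and the seed value are hypothetical names and constructed sample data.

```go
package main

import (
	crand "crypto/rand"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
)

const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// weakNonce shows the flawed pattern: a seeded math/rand generator is
// deterministic, so the seed fully determines every "random" value.
// (Assumed stand-in; the advisory does not name the library.)
func weakNonce(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(b)
}

// strongToken reads nBytes from the OS CSPRNG and fails closed: a nonce,
// MFA secret or API key must never be issued if entropy is unavailable.
func strongToken(nBytes int) (string, error) {
	if nBytes < 16 {
		return "", fmt.Errorf("token too short: %d bytes", nBytes)
	}
	b := make([]byte, nBytes)
	if _, err := crand.Read(b); err != nil {
		return "", fmt.Errorf("csprng read: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

func main() {
	const seed = 1700000000 // constructed sample seed
	fmt.Println("weak, run 1:", weakNonce(seed, 32))
	fmt.Println("weak, run 2:", weakNonce(seed, 32)) // identical to run 1
	tok, err := strongToken(32)
	if err != nil {
		panic(err)
	}
	fmt.Println("strong:", tok)
}
```

When reviewing a Go code base for this class of bug, any import of math/rand in a path that produces nonces, OAuth state values, MFA secrets or API keys is the line to flag.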