Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Intumit SmartRobot - Use of Hard-coded Cryptographic Key
Vulnerability Description
Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Intumit SmartRobot 安全漏洞
Vulnerability Description
Intumit SmartRobot是Intumit公司的一个 Web 开发框架。 Intumit SmartRobot 存在安全漏洞,该漏洞源于使用固定的加密密钥进行身份验证,攻击者利用该漏洞可以获得管理员权限,在远程服务器上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A