漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Passbolt 安全漏洞
Vulnerability Description
Passbolt是法国Passbolt公司的一个开源密码管理器。 Passbolt Browser Extension 4.6.2 之前版本存在安全漏洞,该漏洞源于在输入密码时,它可以向 HaveIBeenPwned 发送多个请求,从而导致信息泄露,使攻击者能够观察 Passbolt 对 Pwned Password API 的 HTTPS 查询,从而暴力破解用户手动输入的密码。
CVSS Information
N/A
Vulnerability Type
N/A