Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hush Line OTP issue
Vulnerability Description
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS primitives to change such settings without user interaction and credentials are required. This vulnerability has been patched in version 0.10.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Hush Line 安全漏洞
Vulnerability Description
Hush Line是免费开源匿名举报热线服务。 Hush Line 存在安全漏洞,该漏洞源于缺少用于更改安全设置的 2FA,因此攻击者可以使用 CSRF 或 XSS 原语更改此类设置,而无需用户交互和凭证。
CVSS Information
N/A
Vulnerability Type
N/A