Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Craft CMS Allows TOTP Token To Stay Valid After Use
Vulnerability Description
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Craft CMS 安全漏洞
Vulnerability Description
Craft CMS是Craft CMS开源的一套内容管理系统(CMS)。 Craft CMS 5.0.0-beta.1版本至5.2.2版本存在安全漏洞,该漏洞源于允许在有效期内多次重复使用TOTP令牌。攻击者利用该漏洞可以重新提交有效的TOTP令牌来建立经过身份验证的会话。
CVSS Information
N/A
Vulnerability Type
N/A