Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client
Vulnerability Description
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, but the certificate from the forged pairing attempt is incorrectly persisted prior to the completion of the pairing request. This allows access to the certificate belonging to the attacker.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
通道可被非端点访问(中间人攻击)
Vulnerability Title
Sunshine 安全漏洞
Vulnerability Description
Sunshine是LizardByte开源的一个 Moonlight 的自助游戏流主机。 Sunshine存在安全漏洞,该漏洞源于在配对过程中遭受MITM攻击的客户端可能会无意中允许非预期客户端访问。
CVSS Information
N/A
Vulnerability Type
N/A