Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without authentication. The is a brute-force attack on the serial parameter by number identifier: GA00001, GA00002, GA00003, etc.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MFASOFT Secure Authentication Server 安全漏洞
Vulnerability Description
MFASOFT Secure Authentication Server是俄罗斯MFASOFT公司的一种基于一次性密码 (OTP) 的双因素身份验证系统。 MFASOFT Secure Authentication Server (SAS) 1.8.x版本至1.9.040924之前版本存在安全漏洞,该漏洞源于访问控制不当。攻击者利用该漏洞可以访问用户令牌。
CVSS Information
N/A
Vulnerability Type
N/A