Vulnerability Information
Vulnerability Title
Lif Authentication Server Has No Auth Check When Updating Password In Account Recovery
Vulnerability Description
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. The vulnerability is in the account recovery system, where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3.
CVSS Information
N/A
Vulnerability Type
Improper Authentication
Vulnerability Title
Lif Authentication Server Authorization Issue Vulnerability
Vulnerability Description
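Lif Authentication Server is an open-source server from Lif Platforms used to verify Lif account logins, manage information, and handle account recovery. Lif Authentication Server versions 1.7.2 and earlier contain an authorization issue vulnerability, which stems from the absence of a check to ensure that the user has received the recovery email and entered the correct code.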
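The missing check named in both descriptions above, shown as an added example that is not code from Lif Authentication Server: a flawed password update that trusts the email alone, next to a hardened one that requires the emailed code. The `RecoveryStore` class, its method names, the in-memory storage, the 10-minute validity window and the 5-attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600   # assumed validity window for a recovery code
MAX_ATTEMPTS = 5         # assumed guess limit per issued code


class RecoveryStore:
    """Hypothetical in-memory stand-in for account and recovery tables."""

    def __init__(self):
        self.passwords = {}   # email -> password (a KDF hash in real use)
        self.pending = {}     # email -> [sha256(code), expiry, failed attempts]

    def start_recovery(self, email, now=None):
        """Issue a one-time code; the caller delivers it by email only."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**8):08d}"
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[email] = [digest, now + CODE_TTL_SECONDS, 0]
        return code

    def set_password_unchecked(self, email, new_password):
        """Flawed pattern: knowing the email is enough to change the password."""
        if email in self.passwords:
            self.passwords[email] = new_password
            return True
        return False

    def set_password(self, email, code, new_password, now=None):
        """Hardened pattern: update only with a valid, unexpired, unused code."""
        now = time.time() if now is None else now
        entry = self.pending.get(email)
        if entry is None or email not in self.passwords:
            return False                      # no recovery was started
        digest, expiry, attempts = entry
        if now > expiry or attempts >= MAX_ATTEMPTS:
            del self.pending[email]           # expired or guessed too often
            return False
        supplied = hashlib.sha256(str(code).encode()).digest()
        if not hmac.compare_digest(supplied, digest):
            entry[2] += 1                     # count the failed guess
            return False
        del self.pending[email]               # single use
        self.passwords[email] = new_password
        return True
```

The hardened path ties the password change to server-side state created when the recovery email was sent, so a request that skips the code step has nothing to validate against and is rejected.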
CVSS Information
N/A
Vulnerability Type
N/A