Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of a Broken or Risky Cryptographic Algorithm in YesWiki
Vulnerability Description
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Vulnerability Title
YesWiki 加密问题漏洞
Vulnerability Description
YesWiki是法国YesWiki组织的一个用 PHP 编写的 wiki 系统。用于以协作方式创建和管理网站。 YesWiki 4.4.5之前版本存在加密问题漏洞,该漏洞使用了弱加密算法和硬编码对密码重置密钥进行哈希处理,导致密钥可被恢复并用于重置任何账户的密码。
CVSS Information
N/A
Vulnerability Type
N/A