Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
eLabFTW MFA bypass
Vulnerability Description
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally (by knowing or guessing the password of a user) can thus log in regardless of MFA requirements. This does not affect MFA that are performed by single sign-on services. Users are advised to upgrade to at least version 5.1.9 to receive a fix.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
使用候选路径或通道进行的认证绕过
Vulnerability Title
eLabFTW 安全漏洞
Vulnerability Description
eLabFTW是eLabFTW开源的一套开源的实验数据托管平台。该平台运行于Linux系统中,并支持存储多种对象。 eLabFTW 4.6.0至5.1.0之前版本存在安全漏洞,该漏洞源于允许攻击者绕过eLabFTW内置的多因素身份验证机制,能够进行本地身份验证的攻击者可以无视MFA要求登录。
CVSS Information
N/A
Vulnerability Type
N/A