Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Weak JWT Secret vulnerabilitiy in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
EasyVirt DC Scope和EasyVirt CO2 Scope 安全漏洞
Vulnerability Description
EasyVirt DC Scope和EasyVirt CO2 Scope都是法国EasyVirt公司的产品。EasyVirt DC Scope是一个适用于 VMware 虚拟化 VMware 的监控和管理解决方案。EasyVirt CO2 Scope是一种实时监控 IT 服务、虚拟机和服务器的 CO2 排放的解决方案。 EasyVirt DC Scope 8.6.0及之前版本和EasyVirt CO2 Scope 1.3.0及之前版本存在安全漏洞,该漏洞源于密码令牌的弱加密问题,可能导致暴力破解密码令牌。
CVSS Information
N/A
Vulnerability Type
N/A