漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Client Enrollment Process Bypass
Vulnerability Description
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Netskope Client 安全漏洞
Vulnerability Description
Netskope Client是美国Netskope公司的一款用于连接管理Netskope云平台的客户端程序。 Netskope Client存在安全漏洞,该漏洞源于注册过程中使用静态令牌作为身份验证参数,攻击者可以使用此令牌冒充用户。
CVSS Information
N/A
Vulnerability Type
N/A