Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Server-Side Authentication Checks in EfficientLab WorkExaminer Professional
Vulnerability Description
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive monitoring data. This includes monitored screenshots and keystrokes of all users. The WorkExaminer Professional console is used for administrative access to the server. Before access to the console is granted administrators must login. Internally, a custom protocol is used to call a respective stored procedure on the MSSQL database. The return value of the call is not validated on the server-side. Instead it is only validated client-side which allows to bypass authentication.
CVSS Information
N/A
Vulnerability Type
服务端安全的客户端实施
Vulnerability Title
Work Examiner Professional 安全漏洞
Vulnerability Description
Work Examiner Professional是美国Work Examiner公司的一款员工电脑监控软件。 Work Examiner Professional存在安全漏洞,该漏洞源于服务器端缺少身份验证检查,可能导致未经验证的攻击者绕过登录提示并获得管理员权限,从而访问所有敏感监控数据。
CVSS Information
N/A
Vulnerability Type
N/A