Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zytec Dalian Zhuoyun Technology Central Authentication Service HTTP Header git hard-coded password
Vulnerability Description
A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the component HTTP Header Handler. The manipulation of the argument Authorization leads to use of hard-coded password. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
使用硬编码的口令
Vulnerability Title
Zytec Central Authentication Service 安全漏洞
Vulnerability Description
Zytec Central Authentication Service是中国卓云(Zytec)公司的一个中央认证服务。 Zytec Central Authentication Service 3版本存在安全漏洞,该漏洞源于HTTP标头处理程序对参数Authorization的错误操作,可能导致使用硬编码密码。
CVSS Information
N/A
Vulnerability Type
N/A