Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bypass in the authentication method of the GTT Sistema de Información Tributario application
Vulnerability Description
Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data received, allowing an attacker with access to the local machine or internal network to impersonate the legitimate WebSocket and inject manipulated information. Exploiting this vulnerability could allow an attacker to authenticate as any user in the domain, without the need for valid credentials, compromising the confidentiality, integrity, and availability of the application and its data.
CVSS Information
N/A
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
GTT Sistema de Información Tributario 安全漏洞
Vulnerability Description
GTT Sistema de Información Tributario是美国GTT公司的一个电子政务平台。 GTT Sistema de Información Tributario存在安全漏洞,该漏洞源于身份验证方法绕过,可能导致攻击者冒充任何域用户。
CVSS Information
N/A
Vulnerability Type
N/A