Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts (in case of the usage of a wrong password or a non existent user). The difference in the returned error messages could be used by attackers to understand whether a certain user is registered in the Identity Manager. This issue affects Life 1st: 1.5.2.14234.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Beta80 Life 1st 安全漏洞
Vulnerability Description
Beta80 Life 1st是Beta80公司的一款管理 PSAP 的完整套件。 Beta80 Life 1st 1.5.2.14234版本存在安全漏洞,该漏洞源于使用身份验证Rest API时允许用户枚举,不同错误消息会返回给失败的认证尝试,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A