Vulnerability Information
Vulnerability Title
FACTION Allows Authentication Bypass via User Creation
Vulnerability Description
FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc.), but no other controls prevent the registration. This vulnerability is fixed in 1.4.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Improper Authentication
Vulnerability Title
Faction Authorization Issue Vulnerability
Vulnerability Description
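Faction is an open-source penetration testing report generation and assessment collaboration framework from Faction Security. Versions of Faction before 1.4.3 contain an authorization issue vulnerability, which stems from an attacker being able to register a new user with administrator privileges, thereby bypassing authentication.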
CVSS Information
N/A
Vulnerability Type
N/A