Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CISA Thorium does not properly invalidate previously used tokens
Vulnerability Description
CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
CISA Thorium 安全漏洞
Vulnerability Description
CISA Thorium是美国网络安全与基础设施安全局(CISA)政府部门的一个高度可扩展的分布式恶意软件分析和数据生成框架。 CISA Thorium 1.1.1之前版本存在安全漏洞,该漏洞源于未正确使先前使用的令牌失效,可能导致攻击者在密码重置后仍能登录。
CVSS Information
N/A
Vulnerability Type
N/A