Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MantisBT: Authentication bypass for some passwords due to PHP type juggling
Vulnerability Description
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instances using the MD5 login method allow an attacker who knows the victim's username and has access to an account with a password hash that evaluates to zero to log in without knowing the victim's actual password, by using any other password with a hash that also evaluates to zero This issue is fixed in version 2.27.2.
CVSS Information
N/A
Vulnerability Type
使用基本弱点进行的认证绕过
Vulnerability Title
MantisBT 安全漏洞
Vulnerability Description
MantisBT是MantisBT团队的一套基于Web的开源缺陷跟踪系统。该系统以Web操作的形式提供项目管理及缺陷跟踪服务。 MantisBT 2.27.1及之前版本存在安全漏洞,该漏洞源于身份验证代码中使用松散比较而非严格比较,可能导致攻击者利用特定MD5哈希值绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A