Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Schule Has Insecure OTP Length, is Susceptible to Brute-Force Attacks
Vulnerability Description
Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–9999) results in only 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms. Version 1.0.1 fixes the issue.
CVSS Information
N/A
Vulnerability Type
弱口令要求
Vulnerability Title
Schule 安全漏洞
Vulnerability Description
Schule是schule111个人开发者的一个应用程序。 Schule 1.0.1之前版本存在安全漏洞,该漏洞源于generateOTP函数生成的4位OTP组合空间过小,容易受到暴力破解攻击。
CVSS Information
N/A
Vulnerability Type
N/A