Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
VaulTLS has a password-based login exploit in additional user accounts
Vulnerability Description
VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an empty but not NULL password set, attackers can use this to login with an empty password. This is combined with that fact, that previously disabling the password based login only effected the frontend, but still allowed login via the API. This vulnerability is fixed in 0.9.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
弱口令要求
Vulnerability Title
VaulTLS 安全漏洞
Vulnerability Description
VaulTLS是Emily Ehlert个人开发者的一款现代化的解决方案,可轻松管理 mTLS(双向 TLS)证书。 VaulTLS 0.9.1之前版本存在安全漏洞,该漏洞源于空密码设置和API登录绕过,可能导致未授权访问。
CVSS Information
N/A
Vulnerability Type
N/A