Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted as "%d %H:%M:%S" without incorporating any user-specific data or cryptographic randomness. This predictability allows remote attackers to brute-force valid tokens within a small time window, enabling unauthorized account confirmation, password resets, and email change approvals, potentially leading to account takeover.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenML Frontend 安全漏洞
Vulnerability Description
OpenML Frontend是OpenML开源的一个OpenML前端页面。 OpenML Frontend v2.0.20241110版本存在安全漏洞,该漏洞源于使用可预测的基于MD5的令牌,可能导致账户接管。
CVSS Information
N/A
Vulnerability Type
N/A