Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a valid OTP response can bypass the OTP verification step by replaying the same response. NOTE: this is disputed by the Supplier because, by design, the product successfully authenticates a client that possesses a cookie whose validity time interval includes the current time, and thus authentication after any type of "interception" is not a violation of the security model. (The cookie has the HttpOnly attribute.)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Quest One Identity 安全漏洞
Vulnerability Description
Quest One Identity是美国Quest公司的一个具有管理用户身份、控制存取权限功能的软件。 Quest One Identity 7.5.1.20903版本存在安全漏洞,该漏洞源于OTP绕过,可能导致攻击者控制任意账户。
CVSS Information
N/A
Vulnerability Type
N/A