漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Cal.com Authentication Bypass via bad TOTP + password checks
Vulnerability Description
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.
CVSS Information
N/A
Vulnerability Type
认证算法的不正确实现
Vulnerability Title
Cal.com 安全漏洞
Vulnerability Description
Cal.com是Cal.com开源的一个开源的日程安排软件。 Cal.com 5.9.8之前版本存在安全漏洞,该漏洞源于登录凭证提供程序存在逻辑缺陷,可能导致绕过密码验证和未授权访问。
CVSS Information
N/A
Vulnerability Type
N/A