Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
turms 安全漏洞
Vulnerability Description
turms是turms-im开源的一个即时通讯引擎。 turms v0.10.0-SNAPSHOT及之前版本存在安全漏洞,该漏洞源于管理员密码以明文存储,可能导致密码泄露。
CVSS Information
N/A
Vulnerability Type
N/A