Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Filament's multi-factor authentication (app) recovery codes can be used multiple times
Vulnerability Description
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. This issue is fixed in version 4.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Filament 安全漏洞
Vulnerability Description
Filament是Filament开源的一个用于加速 Laravel 开发的全栈组件的集合。 Filament 4.0.0版本至4.3.0版本存在安全漏洞,该漏洞源于处理基于应用的多因素身份验证恢复代码时存在缺陷,可能导致恢复代码被无限期重复使用。
CVSS Information
N/A
Vulnerability Type
N/A