Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HyperCloud Improper Refresh Token Validation and Access Token Invalidation Allows Long-Term Unauthorized Access
Vulnerability Description
HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one year), an authenticated client could use a refresh token in place of an access token to maintain long-term access without token rotation. Additionally, old access tokens remained valid after refresh, enabling concurrent or extended use beyond intended session boundaries. This vulnerability could allow prolonged unauthorized access if a token is disclosed.
CVSS Information
N/A
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
SoftIron HyperCloud 安全漏洞
Vulnerability Description
SoftIron HyperCloud是SoftIron公司的一款智能云架构。 SoftIron HyperCloud 2.6.8及之前版本存在安全漏洞,该漏洞源于允许直接使用刷新令牌进行资源访问,且在使用刷新令牌时未能使先前颁发的访问令牌失效,可能导致长期未经授权的访问。
CVSS Information
N/A
Vulnerability Type
N/A