Vulnerability Information
Vulnerability Title
Talishar: Authentication Bypass via Empty authKey Parameter Allows Unauthenticated Game Actions
Vulnerability Description
Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation logic allows any unauthenticated attacker to perform authenticated game actions — including sending chat messages and submitting game inputs — by supplying an empty authKey parameter (authKey=). The server-side validation uses a loose comparison that accepts an empty string as a valid credential, while correctly rejecting non-empty but incorrect keys. This asymmetry means the authentication mechanism can be completely bypassed without knowing any valid token. This issue has been patched in commit a9c218e.
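The asymmetry described above, as an added PHP example that is not Talishar's code: it shows one way a loose `==` check can accept an empty key while rejecting a wrong one, next to a hardened check. The function names, the sample keys and the assumption that the stored key can be null are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical validators; names and structure are assumptions, not Talishar's code.

// Weak: loose comparison. If the stored key is null (assumed here: a key that
// was never set or failed to load), PHP evaluates "" == null as true, so an
// empty authKey passes, while "wrong" == null is false and is rejected.
function isAuthorizedLoose(?string $storedKey, ?string $suppliedKey): bool
{
    return $suppliedKey == $storedKey;
}

// Hardened: both sides must be non-empty strings, then compared in constant time.
function isAuthorizedStrict(?string $storedKey, ?string $suppliedKey): bool
{
    if ($storedKey === null || $storedKey === '') {
        return false; // no key on record: nobody authenticates
    }
    if ($suppliedKey === null || $suppliedKey === '') {
        return false; // empty or missing authKey is never a credential
    }
    return hash_equals($storedKey, $suppliedKey);
}

// Constructed inputs: [stored key, supplied authKey]
$cases = [
    ['k3y-constructed', 'k3y-constructed'],
    ['k3y-constructed', 'wrong'],
    ['k3y-constructed', ''],
    [null, 'wrong'],
    [null, ''],
];

foreach ($cases as [$stored, $supplied]) {
    printf(
        "stored=%-18s supplied=%-18s loose=%-5s strict=%s\n",
        var_export($stored, true),
        var_export($supplied, true),
        var_export(isAuthorizedLoose($stored, $supplied), true),
        var_export(isAuthorizedStrict($stored, $supplied), true)
    );
}
```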
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
Improper Authentication
Vulnerability Title
Talishar Authorization Issue Vulnerability
Vulnerability Description
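Talishar is an open-source game client from Talishar. Versions of Talishar prior to a9c218e contain an authorization issue vulnerability. The vulnerability stems from an authentication bypass and may allow an unauthenticated attacker to perform authenticated game actions by supplying an empty authKey parameter.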
CVSS Information
N/A
Vulnerability Type
N/A