Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Keygraph Shannon Hard-coded Router API Key
Vulnerability Description
Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key. An attacker able to reach the router port can proxy requests through the Shannon instance using the victim’s configured upstream provider API credentials, resulting in unauthorized API usage and potential disclosure of proxied request and response data. This vulnerability's general exploitability has been mitigated with the introduction of commit 023cc95.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
Shannon 信任管理问题漏洞
Vulnerability Description
Shannon是KeygraphHQ开源的一个白盒渗透测试工具。 Shannon存在信任管理问题漏洞,该漏洞源于路由器配置中包含硬编码API密钥,可能导致未经身份验证的攻击者进行代理请求和潜在的数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A