Vulnerability Information
Vulnerability Title
ZITADEL: Reactivation of Expired Passkey Registration Codes
Vulnerability Description
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow an attacker to register their own passkey and gain access to the victim's account. This vulnerability is fixed in 3.4.8 and 4.12.2.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Insufficient Session Expiration
Vulnerability Title
ZITADEL Code Issue Vulnerability
Vulnerability Description
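ZITADEL is an open source identity and access management platform from ZITADEL of Switzerland. ZITADEL versions before 3.4.8 and versions before 4.12.2 contain a code issue vulnerability. The vulnerability stems from an improper code expiration check in the passkey registration endpoint, which may allow an attacker to register their own passkey and gain access to the victim's account.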
CVSS Information
N/A
Vulnerability Type
N/A