漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenClaw < 2026.2.22 - Authentication Token Reuse in Owner ID Prompt Hashing Fallback
Vulnerability Description
OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fallback hash secret for owner-ID prompt obfuscation when commands.ownerDisplay is set to hash and commands.ownerDisplaySecret is unset, creating dual-use of authentication secrets across security domains. Attackers with access to system prompts sent to third-party model providers can derive the gateway authentication token from the hash outputs, compromising gateway authentication security.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
密钥管理错误
Vulnerability Title
OpenClaw 加密问题漏洞
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.2.22之前版本存在加密问题漏洞,该漏洞源于跨安全域双重使用身份验证密钥,可能导致网关身份验证令牌泄露。
CVSS Information
N/A
Vulnerability Type
N/A