Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
使用单一因素认证机制
Vulnerability Title
SOGo 安全漏洞
Vulnerability Description
SOGo是Alinto开源的一个非常快速且可扩展的现代协作套件。它提供日历、地址簿管理和功能齐全的 Webmail 客户端以及资源共享和权限处理。 SOGo 5.12.5之前版本存在安全漏洞,该漏洞源于用户禁用或启用OTP时未更新OTP且OTP长度过短,可能导致安全措施不足。
CVSS Information
N/A
Vulnerability Type
N/A