Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticator Vulnerable to Authentication Flow Hijack
Vulnerability Description
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update Gematik Authenticator to version 4.16.0 or greater to receive a patch. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
通信信道源的不正确验证
Vulnerability Title
Authenticator 安全漏洞
Vulnerability Description
Authenticator是Authenticator Extension开源的一个身份验证器。 Authenticator 4.16.0之前版本存在安全漏洞,该漏洞源于身份验证流程可能被劫持,可能导致攻击者利用受害者用户身份进行身份验证。
CVSS Information
N/A
Vulnerability Type
N/A