Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure
Vulnerability Description
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability is fixed in 5.8.1.
CVSS Information
N/A
Vulnerability Type
不充分的加密强度
Vulnerability Title
OrangeHRM 加密问题漏洞
Vulnerability Description
OrangeHRM是美国OrangeHRM公司的一套人力资源管理系统(HRM)。该系统支持人事信息管理、休假管理、考勤管理和招聘管理等功能。 OrangeHRM 5.8及之前版本存在加密问题漏洞,该漏洞源于使用ECB模式的AES加密某些敏感字段,可能导致存储数据的模式泄露。
CVSS Information
N/A
Vulnerability Type
N/A