漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via Base64 Signature Re-encoding
Vulnerability Description
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature verification.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
OpenClaw 安全漏洞
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.31之前版本存在安全漏洞,该漏洞源于webhook签名处理中存在重放检测绕过漏洞,将Base64和Base64URL编码的签名视为不同请求,攻击者可重新编码Telnyx webhook签名以绕过重放检测,同时保持有效的签名验证。
CVSS Information
N/A
Vulnerability Type
N/A