Vulnerability Information
Vulnerability Title
Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism
Vulnerability Description
Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect verification to an attacker-controlled email address and subsequently perform a password reset to permanently take over the victim's account.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
Missing Authentication for Critical Function
Vulnerability Title
Capgo Authorization Issue Vulnerability
Vulnerability Description
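Capgo is a mobile application development and update platform from CAPGO, built for CapacitorJS developers. Cap-go versions prior to 12.128.2 contain a security vulnerability that stems from an account takeover flaw in the email change mechanism. It may allow an attacker with temporary authenticated session access to change the registered email address without password or MFA verification, redirect verification to an attacker-controlled email address, and then perform a password reset to permanently take over the victim's account.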
CVSS Information
N/A
Vulnerability Type
N/A