CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
9.0%
源码中密码校验处使用 != 符号,而不是hmac.Equal
,这可能导致产生计时攻击漏洞,从而爆破密码。
建议使用 hmac.Equal
比对密码。
Translation:
The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac. Equal to compare passwords.
https://github.com/1Panel-dev/1Panel/blob/dev/backend/app/service/auth.go#L81C5-L81C26
该产品的所有使用者。
Translation:
All users of this product.
Vendor | Product | Version | CPE |
---|---|---|---|
1panel-dev | 1panel | * | cpe:2.3:a:1panel-dev:1panel:*:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
9.0%