Authorization

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...

Object First 安全特征问题特征问题漏洞

Object First is a Veeam best-of-breed storage solution from Object First. A security feature issue vulnerability exists in Object First version 1.0.7.712, which stems from JWT tokens using keys generated by functions that do not produce cryptographically strong sequences, which can be predicted b...

Object First 安全特征问题特征问题漏洞

Object First is a Veeam best-of-breed storage solution from Object First. A security signature issue vulnerability exists in Object First version 1.0.7.712, which stems from the use of an insecure RNG in the command that creates URLs for support packages, which could allow an attacker to access...

Object First 安全漏洞

Object First is a Veeam best-of-breed storage solution from Object First. A security vulnerability exists in Object First version 1.0.7.712, which stems from the command to set the hostname not validating the input parameters, resulting in arbitrary data that can be directed to the Bash...