Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/05/28 6:39 p.m.36 views

CVE-2026-45039 RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...

9.8CVSS0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 6:39 p.m.13 views

CVE-2026-45039 RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...

9.8CVSS5.7AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 6:39 p.m.27 views

CVE-2026-45039

RustFS prior to 1.0.0-beta.2 uses an HMAC-SHA256 signature for internode RPC authentication that falls back to DEFAULT_SECRET_KEY = "rustfsadmin" if neither RUSTFS_RPC_SECRET nor the global S3 secret key is configured. The vulnerability arises from get_shared_secret() in crates/ecstore/src/rpc/ht...

9.8CVSS5.7AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/17 12:0 a.m.3 views

ChainSafe js-libp2p-noise 数据伪造问题漏洞

ChainSafe js-libp2p-noise is an open source implementation of TypeScript containing the noise protocol from ChainSafe Canada. ChainSafe js-libp2p-noise is vulnerable to a data forgery issue that allows a man-in-the-middle to impersonate other peers and disable those peers...

8.1CVSS7.5AI score0.00479EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/12/08 7:15 p.m.4 views

CVE-2021-41025

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of...

9.8CVSS7.5AI score0.01445EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.5 views

Fortinet FortiWeb 竞争条件问题漏洞

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists that could b...

9.8CVSS5.7AI score0.01445EPSS
Exploits0References2
OSV
OSV
added 2016/06/07 9:39 p.m.17 views

MGASA-2016-0219 Updated ntp packages fix security vulnerability

ntpq and ntpdc disclose the origin timestamp to unauthenticated clients, which may allow an attacker to impersonate a legitimate peer CVE-2015-8139. An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the targe...

7.5CVSS6.3AI score0.16351EPSS
Exploits1References3
Rows per page
Query Builder