| عنوان | RuoYi-Vue 3.8.9 Information Disclosure |
|---|
| الوصف | If user checked rememberMe in login page, the cookie will carry encrypted password in all of the following requests. However, the private key which can be used to decrypt the password is hard coded in jsencrypt.js, attacker can get encrypted password from cookie and decrypt the password with the private key. |
|---|
| المصدر | ⚠️ https://magnificent-dill-351.notion.site/Password-Disclosure-in-RuoYi-Vue-3-8-9-1e3c693918ed80ee9799f270c8346cd4 |
|---|
| المستخدم | s0l42 (UID 82389) |
|---|
| ارسال | 28/04/2025 05:49 AM (1 سنة منذ) |
|---|
| الاعتدال | 10/05/2025 08:07 AM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 308282 [yangzongzhuan RuoYi-Vue حتى 3.8.9 Password login.vue الكشف عن المعلومات] |
|---|
| النقاط | 14 |
|---|