| Título | RuoYi-Vue 3.8.9 Information Disclosure |
|---|
| Descripción | If user checked rememberMe in login page, the cookie will carry encrypted password in all of the following requests. However, the private key which can be used to decrypt the password is hard coded in jsencrypt.js, attacker can get encrypted password from cookie and decrypt the password with the private key. |
|---|
| Fuente | ⚠️ https://magnificent-dill-351.notion.site/Password-Disclosure-in-RuoYi-Vue-3-8-9-1e3c693918ed80ee9799f270c8346cd4 |
|---|
| Usuario | s0l42 (UID 82389) |
|---|
| Sumisión | 2025-04-28 05:49 (hace 1 Año) |
|---|
| Moderación | 2025-05-10 08:07 (12 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 308282 [yangzongzhuan RuoYi-Vue hasta 3.8.9 Password login.vue divulgación de información] |
|---|
| Puntos | 14 |
|---|