Soumettre #566469: RuoYi-Vue 3.8.9 Information Disclosureinformation

TitreRuoYi-Vue 3.8.9 Information Disclosure
DescriptionIf user checked rememberMe in login page, the cookie will carry encrypted password in all of the following requests. However, the private key which can be used to decrypt the password is hard coded in jsencrypt.js, attacker can get encrypted password from cookie and decrypt the password with the private key.
La source⚠️ https://magnificent-dill-351.notion.site/Password-Disclosure-in-RuoYi-Vue-3-8-9-1e3c693918ed80ee9799f270c8346cd4
Utilisateur
 s0l42 (UID 82389)
Soumission28/04/2025 05:49 (il y a 1 Année)
Modérer10/05/2025 08:07 (12 days later)
StatutAccepté
Entrée VulDB308282 [yangzongzhuan RuoYi-Vue jusqu’à 3.8.9 Password login.vue divulgation d'information]
Points14

PrécédentAperçuSuivant

Might our Artificial Intelligence support you?

Check our Alexa App!