| 제목 | RuoYi-Vue 3.8.9 Information Disclosure |
|---|
| 설명 | If user checked rememberMe in login page, the cookie will carry encrypted password in all of the following requests. However, the private key which can be used to decrypt the password is hard coded in jsencrypt.js, attacker can get encrypted password from cookie and decrypt the password with the private key. |
|---|
| 원천 | ⚠️ https://magnificent-dill-351.notion.site/Password-Disclosure-in-RuoYi-Vue-3-8-9-1e3c693918ed80ee9799f270c8346cd4 |
|---|
| 사용자 | s0l42 (UID 82389) |
|---|
| 제출 | 2025. 04. 28. AM 05:49 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 05. 10. AM 08:07 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 308282 [yangzongzhuan RuoYi-Vue 까지 3.8.9 Password login.vue 정보 공개] |
|---|
| 포인트들 | 14 |
|---|