| Title | perfree go-fastdfs-web ≤1.3.7 Hardcoded Apache Shiro Cipher Key |
|---|---|
| Description | A critical security vulnerability exists in go-fastdfs-web due to the use of a hardcoded AES encryption key in the Apache Shiro RememberMe functionality. This allows unauthenticated remote attackers to craft malicious serialized objects, encrypt them with the known key, and achieve Remote Code Execution (RCE) on the target server. |
| Source | ⚠️ https://www.notion.so/go-fastdfs-web-Hardcoded-Apache-Shiro-Cipher-Key-reach-RCE-313ea92a3c41806fae44dffe53e69751 |
| User | din4 (UID 50867) |
| Submission | 2026-02-26 05:16 PM (1 month ago) |
| Moderation | 2026-03-11 01:58 PM (13 days later) |
| Status | Accepted |
| VulDB entry | 350392 [perfree go-fastdfs-web up to 1.3.7 Apache Shiro RememberMe ShiroConfig.java rememberMeManager weak encryption] |
| Points | 15 |