Submeter #566469: RuoYi-Vue 3.8.9 Information Disclosureinformação

TítuloRuoYi-Vue 3.8.9 Information Disclosure
DescriçãoIf user checked rememberMe in login page, the cookie will carry encrypted password in all of the following requests. However, the private key which can be used to decrypt the password is hard coded in jsencrypt.js, attacker can get encrypted password from cookie and decrypt the password with the private key.
Fonte⚠️ https://magnificent-dill-351.notion.site/Password-Disclosure-in-RuoYi-Vue-3-8-9-1e3c693918ed80ee9799f270c8346cd4
Utilizador
 s0l42 (UID 82389)
Submissão28/04/2025 05h49 (há 1 Ano)
Moderação10/05/2025 08h07 (12 days later)
EstadoAceite
Entrada VulDB308282 [yangzongzhuan RuoYi-Vue até 3.8.9 Password login.vue Divulgação de Informação]
Pontos14

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!