| Название | RuoYi-Vue 3.8.9 Information Disclosure |
|---|
| Описание | If user checked rememberMe in login page, the cookie will carry encrypted password in all of the following requests. However, the private key which can be used to decrypt the password is hard coded in jsencrypt.js, attacker can get encrypted password from cookie and decrypt the password with the private key. |
|---|
| Источник | ⚠️ https://magnificent-dill-351.notion.site/Password-Disclosure-in-RuoYi-Vue-3-8-9-1e3c693918ed80ee9799f270c8346cd4 |
|---|
| Пользователь | s0l42 (UID 82389) |
|---|
| Представление | 28.04.2025 05:49 (1 Год назад) |
|---|
| Модерация | 10.05.2025 08:07 (12 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 308282 [yangzongzhuan RuoYi-Vue до 3.8.9 Password login.vue раскрытие информации] |
|---|
| Баллы | 14 |
|---|