| Название | perfree go-fastdfs-web ≤1.3.7 Hardcoded Apache Shiro Cipher Key |
|---|
| Описание | A critical security vulnerability exists in go-fastdfs-web due to the use of a hardcoded AES encryption key in the Apache Shiro RememberMe functionality. This allows unauthenticated remote attackers to craft malicious serialized objects, encrypt them with the known key, and achieve Remote Code Execution (RCE) on the target server. |
|---|
| Источник | ⚠️ https://www.notion.so/go-fastdfs-web-Hardcoded-Apache-Shiro-Cipher-Key-reach-RCE-313ea92a3c41806fae44dffe53e69751 |
|---|
| Пользователь | din4 (UID 50867) |
|---|
| Представление | 26.02.2026 17:16 (1 месяц назад) |
|---|
| Модерация | 11.03.2026 13:58 (13 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 350392 [perfree go-fastdfs-web до 1.3.7 Apache Shiro RememberMe ShiroConfig.java rememberMeManager слабое шифрование] |
|---|
| Баллы | 15 |
|---|