| Title | joey-zhou xiaozhi-esp32-server-java V3.0.0 Improper Authentication |
|---|---|
| Description | Xiaozhi ESP32 Server Java V3.0.0 (the latest version) contains an authentication bypass vulnerability. Attackers can exploit the access whitelist set by the developer to obtain sensitive user information and forge cookies to impersonate any user login. Project address: https://github.com/joey-zhou/xiaozhi-esp32-server-java Scope of impact: Several companies have been found to have deployed this service. The ICO can be used as a fingerprint for searching. |
| Source | ⚠️ https://github.com/joey-zhou/xiaozhi-esp32-server-java/issues/143 |
| User | zzdzz (UID 93061) |
| Submission | 12/12/2025 08:24 (5 months ago) |
| Moderation | 27/12/2025 10:53 (15 days later) |
| Status | Accepted |
| VulDB entry | 338513 [joey-zhou xiaozhi-esp32-server-java up to 3.0.0 Cookie AuthenticationInterceptor.java tryAuthenticateWithCookies weak authentication] |
| Points | 20 |