| 标题 | RuoYi-Vue 3.8.9 Information Disclosure |
|---|
| 描述 | If user checked rememberMe in login page, the cookie will carry encrypted password in all of the following requests. However, the private key which can be used to decrypt the password is hard coded in jsencrypt.js, attacker can get encrypted password from cookie and decrypt the password with the private key. |
|---|
| 来源 | ⚠️ https://magnificent-dill-351.notion.site/Password-Disclosure-in-RuoYi-Vue-3-8-9-1e3c693918ed80ee9799f270c8346cd4 |
|---|
| 用户 | s0l42 (UID 82389) |
|---|
| 提交 | 2025-04-28 05時49分 (1 年前) |
|---|
| 管理 | 2025-05-10 08時07分 (12 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 308282 [yangzongzhuan RuoYi-Vue 直到 3.8.9 Password login.vue 信息公开] |
|---|
| 积分 | 14 |
|---|