Apache ShenYu dashboardUser Account password leak vulnerability CVE-2021-37580
Apache ShenYu dashboardUser Account password leak vulnerability CVE-2021-37580
Apache ShenYu dashboardUser Account password leak vulnerability CVE-2021-37580
Vulnerability Description
Apache ShenYu Admin exposed an authentication bypass vulnerability. An attacker can bypass JSON Web Token (JWT) security authentication and directly enter the system background.
Vulnerability Impact
Apache ShenYu 2.3.0
Apache ShenYu 2.4.0
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
/dashboardUser
This post is licensed under CC BY 4.0 by the author.