漏洞标题
在YMS VIS Pro中的不适当身份验证
漏洞描述信息
YMS VIS Pro是一款面向兽医与食品管理、兽医与农场的信息系统。由于系统凭证生成方法不当及弱密码策略的结合,密码可被轻松猜测和通过暴力攻击枚举。成功的攻击可能导致未经授权的访问和根据分配的用户权限执行操作。此漏洞影响VIS Pro在<= 3.3.0.6版本。该漏洞通过修改身份验证机制和实现额外的认证层以及强密码策略得到了缓解。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
过多认证尝试的限制不恰当
漏洞标题
Improper authentication in YMS VIS Pro
漏洞描述信息
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy, passwords can be easily guessed and enumerated through brute force attacks. Successful attacks can lead to unauthorised access and execution of operations based on assigned user permissions. This vulnerability affects VIS Pro in versions <= 3.3.0.6. This vulnerability has been mitigated by changes in authentication mechanisms and implementation of additional authentication layer and strong password policies.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
弱口令要求
漏洞标题
YMS VIS 安全漏洞
漏洞描述信息
YMS VIS是一个面向兽医和食品管理、兽医和农场的信息系统。 YMS VIS Pro 3.3.0.6版本存在安全漏洞,该漏洞源于系统凭证生成方法不当和密码策略薄弱,密码很容易通过暴力攻击被猜测和枚举。
CVSS信息
N/A
漏洞类别
其他