Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7622-57e5f-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2023-12-15T09:20:19.843Z
Updated: 2024-01-17T07:23:16.501Z
Reserved: 2023-11-16T04:08:17.028Z
Link: CVE-2023-48392
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-15T10:15:07.590
Modified: 2023-12-22T15:46:03.297
Link: CVE-2023-48392
JSON object: View
Redhat Information
No data.
CWE