Security Advisory

CVE-2023-48392

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-15 09:20:19
Last updated 2024-10-14 03:39:11
Assigner twcert
State PUBLISHED

Description

Kaifa Technology WebITR is an online attendance system that uses a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access the system as an arbitrary user account, including the administrator's account, act with the permissions of that account, and obtain relevant information.