Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, to execute login account’s permissions, and obtain relevant information.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-7622-57e5f-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2023-12-15T09:20:19.843Z
Updated: 2024-08-02T21:30:35.223Z
Reserved: 2023-11-16T04:08:17.028Z
Link: CVE-2023-48392
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-12-15T10:15:07.590
Modified: 2023-12-22T15:46:03.297
Link: CVE-2023-48392
Redhat
No data.