Use of Hard-coded Credentials in Nacos
High severity
GitHub Reviewed
Published
Jul 6, 2022
to the GitHub Advisory Database
•
Updated Apr 4, 2023
Description
Published by the National Vulnerability Database
Jul 5, 2022
Published to the GitHub Advisory Database
Jul 6, 2022
Reviewed
Jul 6, 2022
Last updated
Apr 4, 2023
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.
References