
Heard there is an nps authentication bypass vulnerability

Open Deep0 opened this issue 2 years ago • 11 comments

web/controllers/base.go: I heard it is an auth_key authentication vulnerability. Could the author please verify?

Deep0 avatar Jul 29 '22 12:07 Deep0

I also received a vulnerability notification.

hongcaohu avatar Aug 01 '22 13:08 hongcaohu

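I just reproduced it, but I don't see any exploitation value. Sending auth_key with every request does successfully access the pages, but management doesn't seem to work. I didn't look into it deeply.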

crazyNing avatar Aug 04 '22 10:08 crazyNing

Just comment out auth_key.

lishiren-admin avatar Aug 05 '22 05:08 lishiren-admin

Just comment out auth_key.

It should be to uncomment authkey.

Is4b3lla3 avatar Aug 07 '22 02:08 Is4b3lla3

No need to uncomment it; just comment out both auth_key and auth_crypt_key.

lishiren-admin avatar Aug 08 '22 05:08 lishiren-admin

So it's useless anyway?

JAXo-China avatar Aug 16 '22 06:08 JAXo-China

https://jireh.xyz/articles/2022/08/10/1660122191957.html

Jireh012 avatar Aug 18 '22 05:08 Jireh012

https://github.com/carr0t2/nps-auth-bypass

carr0t2 avatar Aug 19 '22 09:08 carr0t2

Are there other vulnerabilities? I applied the fix following the tutorial, but some jerk can still keep attacking me over RDP, damn.

suka23333 avatar Sep 22 '22 06:09 suka23333

Are there other vulnerabilities? I applied the fix following the tutorial, but some jerk can still keep attacking me over RDP, damn.

Same as you, the CPU is spiking...

JAXo-China avatar Sep 22 '22 06:09 JAXo-China

https://github.com/yisier/nps/releases/tag/v0.26.14

yisier avatar Dec 30 '22 05:12 yisier