The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html | Third Party Advisory |
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344 | Third Party Advisory |
Configurations
Information
Published : 2021-05-28 01:15
Updated : 2022-05-27 07:05
NVD link : CVE-2021-32543
Mitre link : CVE-2021-32543
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
sysjust
- cts_web