The affected code is in IceCMS/IceWk-ment/src/main/java/com/ttice/icewkment/controller/UserController.java:

```java
if(!claims){
    // Handled by the front end after it receives the response
    Result.fail(403,"Token已过期",null);   // "Token has expired"; the result is built but never returned, so execution continues
}
// Check that the current password is correct
QueryWrapper wrapper = new QueryWrapper<>();
wrapper.eq("user_id",userid);             // userid comes from the request, not from the token
User usercheak = userMapper.selectOne(wrapper);
String password = usercheak.getPassword();
if(Objects.equals(password, yuanPassWord)) {   // yuanPassWord: the old password supplied by the caller
    User user = new User();
    user.setUserId(userid);
    user.setPassword(NewPassWord);
    userMapper.updateById(user);
    return Result.succ(200, "修改成功", null);  // "Changed successfully"
}
```

Changing the password does not need to verify the current JWT, so after getting this API address, a hacker can change the password by brute-force cracking, especially when the user password is weak.
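The following is an added, self-contained illustration of the two failure points described above and how a password-change handler can close them; it is example code written for this page, not code from the IceCMS project. The token format, the `issueToken`/`verifyToken`/`changePassword` names and the in-memory `USERS` map standing in for `userMapper` are all assumptions made for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class PasswordChangeDemo {

    // Constructed in-memory stand-in for userMapper: user_id -> stored password hash.
    static final Map<Long, String> USERS = new HashMap<>();

    // Demo signing key; a real deployment loads this from configuration, never from source.
    static final byte[] TOKEN_KEY = "demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);

    // Hypothetical minimal HMAC token standing in for the project's JWT:
    // base64url(userId) + "." + base64url(HMAC-SHA256(base64url(userId)))
    static String issueToken(long userId) throws Exception {
        String payload = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(Long.toString(userId).getBytes(StandardCharsets.UTF_8));
        return payload + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(payload));
    }

    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(TOKEN_KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the user id the token was issued for, or null when the token is absent, malformed or forged. */
    static Long verifyToken(String token) {
        try {
            if (token == null) return null;
            String[] parts = token.split("\\.", -1);
            if (parts.length != 2) return null;
            byte[] expected = hmac(parts[0]);
            byte[] given = Base64.getUrlDecoder().decode(parts[1]);
            if (!MessageDigest.isEqual(expected, given)) return null;   // constant-time comparison
            return Long.parseLong(new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8));
        } catch (Exception e) {
            return null;   // any decoding or signature problem is treated as "no valid token"
        }
    }

    // Stand-in for password hashing. Production code should use a slow, salted hash (bcrypt, scrypt, argon2).
    static String hashPassword(String pw) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(pw.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    /**
     * Hardened flow. Differences from the snippet quoted in the issue:
     *  - a failed token check returns immediately instead of falling through to the update;
     *  - the user id is taken from the verified token, not from a request parameter;
     *  - the current password is compared against a stored hash, in constant time.
     * Returns true only when the password was actually changed.
     */
    static boolean changePassword(String token, String oldPassword, String newPassword) throws Exception {
        Long userId = verifyToken(token);
        if (userId == null) {
            return false;   // fail closed: an unauthenticated caller never reaches the database
        }
        String storedHash = USERS.get(userId);
        if (storedHash == null) {
            return false;
        }
        byte[] stored = storedHash.getBytes(StandardCharsets.UTF_8);
        byte[] supplied = hashPassword(oldPassword).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(stored, supplied)) {
            return false;   // wrong current password
        }
        USERS.put(userId, hashPassword(newPassword));
        return true;
    }

    public static void main(String[] args) throws Exception {
        USERS.put(1L, hashPassword("correct-horse"));   // constructed sample user
        String token = issueToken(1L);

        System.out.println("no token:          " + changePassword(null, "correct-horse", "new-pw"));
        System.out.println("tampered token:    " + changePassword(token + "x", "correct-horse", "new-pw"));
        System.out.println("wrong old pw:      " + changePassword(token, "guess", "new-pw"));
        System.out.println("valid request:     " + changePassword(token, "correct-horse", "new-pw"));
        System.out.println("stale old pw:      " + changePassword(token, "correct-horse", "again"));
    }
}
```

Binding the target account to the verified token removes the unauthenticated brute-force path the issue describes: a caller without a valid token for user N cannot even reach the password comparison for N. Hashing and a constant-time compare protect the stored credential itself; a per-account attempt limit or lockout is still needed on top of this to slow guessing by a caller who does hold a valid session.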