周詳

**Name of the Vulnerable Software and Affected Versions** CGFIDO (affected versions not specified) **Description** The passwordless login mechanism in CGFIDO has an Authentication Bypass issue, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators. This enables attackers to compromise security protocols. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CGFIDO (affected versions not specified) **Description** The login mechanism via device authentication of CGFIDO from Changing Information Technology has an authentication bypass issue. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote attacker who obtains this signature can use it to log into the system with any device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Openfind MailGates and MailAudit (affected versions not specified) **Description** The issue concerns the session cookie in MailGates and MailAudit, which does not have the HttpOnly flag enabled. This allows remote attackers to potentially steal the session cookie via XSS. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Openfind Mail2000 (affected versions not specified) **Description** The issue allows unauthenticated remote attackers to inject JavaScript code within email attachments, resulting in Stored Cross-site scripting attacks, due to improper validation of email attachments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Openfind Mail2000 (affected versions not specified) **Description** The issue allows unauthenticated remote attackers to bypass the HttpOnly flag. Attackers can exploit this using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.