Title: RuoYi AI /prod-api/auth/login weak password vulnerability
BUG_Author: Tajang
Affected Version: RuoYi AI all versions
Vendor: RuoYi
Software: RuoYi AI
Vulnerability Files:
/prod-api/auth/login
Description:
Cause of the vulnerability:
The RuoYi AI chat application does not use dynamic passwords during website setup, so the default backend administrator password allows direct login to the system.
Account and Password:
Proof of Concept:
Several provided test sites: