Описание
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1509
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69841
- http://securityreason.com/securityalert/8385
- http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp
- http://www.securityfocus.com/archive/1/519652/100/0/threaded
- http://www.securityfocus.com/bid/49636
EPSS
CVE ID
Связанные уязвимости
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
EPSS