exploitDog

GHSA-7gr9-9892-q2w9

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

Описание

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.

Ссылки

EPSS

Процентиль: 98%

0.62156

Средний

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-2998

nvd

больше 10 лет назад

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.

EPSS

Процентиль: 98%

0.62156

Средний

CVE ID

Дефекты

CWE-200