Описание
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
Ссылки
- Vendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
- Vendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:workforceroi:xpede:4.1:*:*:*:*:*:*:*
cpe:2.3:a:workforceroi:xpede:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00154
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
EPSS
Процентиль: 36%
0.00154
Низкий
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other