Описание
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken LinkExploitThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken LinkExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:teekai:tracking_online:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00249
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-327
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.
EPSS
Процентиль: 48%
0.00249
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-327