Описание
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:meridian_software:prolog_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:meridian_software:prolog_manager:7.5:*:*:*:*:*:*:*
cpe:2.3:a:meridian_software:prolog_manager:2007:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05095
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.
EPSS
Процентиль: 90%
0.05095
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other