Описание
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 8012 (включая)
Одно из
cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00192
Низкий
5 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
EPSS
Процентиль: 41%
0.00192
Низкий
5 Medium
CVSS2
Дефекты
CWE-310