Описание
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.0 (включая)
Одно из
cpe:2.3:a:posh_project:posh:*:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.5:-:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.5:beta:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.5:rc:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.0:-:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.0:beta:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.0:p1:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.0:rc:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.1:-:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.1:b:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.1:p1:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.1:p2:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.1:rc:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.2:-:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.2:beta:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.2:rc:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.3:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0:-:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0:beta:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00291
Низкий
5 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
EPSS
Процентиль: 52%
0.00291
Низкий
5 Medium
CVSS2
Дефекты
CWE-255