Описание
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.
Ссылки
- ExploitThird Party Advisory
- ExploitMailing List
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitTechnical DescriptionThird Party Advisory
- Exploit
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitMailing List
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitTechnical DescriptionThird Party Advisory
- Exploit
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.47774
Средний
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-327
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.
EPSS
Процентиль: 98%
0.47774
Средний
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-327