Boozt · Boozt Fashion · CVE-2017-11706
**Name of the Vulnerable Software and Affected Versions**
Boozt Fashion versions prior to 2.3.4
**Description**
The issue allows remote attackers to read login credentials by sniffing the network due to the lack of SSL encryption. The vendor initially considered this an accepted risk, noting that only the checkout part of the site used HTTPS.
**Recommendations**
For versions prior to 2.3.4, update to version 2.3.4 or later to enable SSL logins and mitigate the risk of credential exposure.