PT-2014-2935 · Ibm · Algo Security Access Control Management+3

Publicado

2014-03-05

·

Atualizado

2017-08-29

·

CVE-2013-5468

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions IBM Algo One versions 4.7.0 through 5.0.0 ACSWeb in Algo Security Access Control Management versions 4.7.0 through 4.9.0 ACSWeb in AlgoWebApps version 5.0.0
Description The issue allows remote attackers to obtain sensitive information by sniffing the network due to the lack of encryption in login requests.
Recommendations For IBM Algo One versions 4.7.0 through 5.0.0, consider implementing encryption for login requests. For ACSWeb in Algo Security Access Control Management versions 4.7.0 through 4.9.0, consider implementing encryption for login requests. For ACSWeb in AlgoWebApps version 5.0.0, consider implementing encryption for login requests.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2013-5468

Produtos afetados

Acsweb
Algo Security Access Control Management
Algowebapps
Ibm Algo One