CVE-2013-6806

Name of the Vulnerable Software and Affected Versions OpenText Exceed OnDemand (EoD) version 8

Description The issue allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response. This triggers a downgrade to simple authentication, which sends credentials in plaintext.

Recommendations For OpenText Exceed OnDemand (EoD) version 8, consider disabling the simple authentication mechanism to prevent the downgrade attack until a patch is available. Restrict access to sensitive information and use alternative secure authentication methods if possible. At the moment, there is no information about a newer version that contains a fix for this vulnerability.