CVE-2014-2212

Name of the Vulnerable Software and Affected Versions POSH versions 3.0 through 3.3.0 and earlier

Description The issue concerns the storage of sensitive user information in cookies. Specifically, the remember me feature in the portal/scr authentif.php file stores the username and MD5 digest of the password in cleartext in a cookie. This allows attackers to obtain sensitive information by reading this cookie.

Recommendations For POSH versions 3.0 through 3.3.0 and earlier, consider disabling the remember me feature in the portal/scr authentif.php file until a secure alternative is implemented. Restrict access to sensitive information stored in cookies to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.