PT-2017-12192 · Boozt · Boozt Fashion

Nightwatchcyber

Publicado

2017-07-28

Atualizado

2017-08-15

CVE-2017-11706

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Boozt Fashion versions prior to 2.3.4

Description The issue allows remote attackers to read login credentials by sniffing the network due to the lack of SSL encryption. The vendor initially considered this an accepted risk, noting that only the checkout part of the site used HTTPS.

Recommendations For versions prior to 2.3.4, update to version 2.3.4 or later to enable SSL logins and mitigate the risk of credential exposure.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2017-11706

Produtos afetados

Boozt Fashion

PT-2017-12192 · Boozt · Boozt Fashion

CVE-2017-11706

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4