PT-2017-8772 · Omnimetrix · Omniview
Bill Voltmer
·
Publicado
2017-02-13
·
Atualizado
2017-02-17
·
CVE-2016-5786
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OmniMetrix OmniView version 1.2
Description
An issue was discovered where the OmniView web application transmits credentials using the HTTP protocol, making them susceptible to being intercepted by an attacker, which could result in the compromise of account credentials.
Recommendations
For OmniMetrix OmniView version 1.2, consider disabling the use of HTTP protocol for credential transmission until a secure alternative, such as HTTPS, is implemented to encrypt the data in transit.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Omniview