CVE-2018-11639

Name of the Vulnerable Software and Affected Versions Dialogic PowerMedia XMS versions prior to 3.5 SU2

Description The issue allows remote attackers to access a user's password in cleartext due to plaintext storage of passwords within cookies in the administrative console. This occurs in the /var/www/xms/application/controllers/verifyLogin.php file.

Recommendations For versions prior to 3.5 SU2, update to version 3.5 SU2 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative console to minimize the risk of exploitation. Avoid using the password variable in the affected API endpoint until the issue is resolved.