PT-2019-15126 · Tomedo · Tomedo Server

Chris Hein

Published

2019-10-18

Updated

2021-07-21

CVE-2019-17393

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Tomedo Server version 1.7.3

Description

The communication between the Customer's Tomedo Server and the Vendor Tomedo Server takes place over HTTP in cleartext, so an unauthorized actor on the network path can intercept it. Because the connection uses HTTP Basic authentication, which only base64-encodes the credentials rather than encrypting them, an attacker who captures a request can decode the Authorization header and recover the username and password.

Recommendations

For Tomedo Server version 1.7.3, consider disabling the use of Basic authentication over HTTP until a secure alternative, such as HTTPS, can be implemented to encrypt the communication and protect the credentials. As a temporary workaround, restrict network access to the Tomedo Server to minimize the risk of unauthorized interception.
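The following is an added example, not code from the advisory or from the Tomedo project. It shows, from the defender's side, why the weakness above is rated critical: a small audit function parses a captured HTTP request, recognises an `Authorization: Basic` header, and flags it when the request travelled over a non-TLS connection (the exact condition described for version 1.7.3). The sample request, its hostname, path and credentials are all constructed placeholders, and the `over_tls` flag stands in for whatever a real capture tool records about the transport (scheme or port).

```python
"""Audit captured HTTP requests for Basic credentials sent without TLS.

Added example for this advisory; not Tomedo's code. The sample request
below is constructed (placeholder host, path and credentials).
"""
from __future__ import annotations

import base64
import binascii
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str
    message: str


def parse_request(raw: str) -> tuple[str, dict[str, str]]:
    """Split a raw HTTP/1.x request into its request line and a header dict.

    Header names are lower-cased so lookups are case-insensitive; only the
    head (before the blank line) is inspected.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    request_line = lines[0]
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return request_line, headers


def decode_basic(value: str) -> tuple[str, str] | None:
    """Return (username, password) for a well-formed Basic token, else None.

    Basic auth is base64 encoding, not encryption: this is all that stands
    between an eavesdropper on cleartext HTTP and the password.
    """
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def audit_request(raw: str, over_tls: bool) -> list[Finding]:
    """Flag Basic credentials carried on a connection that is not TLS-protected."""
    _, headers = parse_request(raw)
    findings: list[Finding] = []
    auth = headers.get("authorization")
    if auth is None:
        return findings
    creds = decode_basic(auth)
    if creds is None:
        return findings  # not Basic, or malformed: nothing to decode
    if not over_tls:
        findings.append(Finding(
            "critical",
            f"Basic credentials for user '{creds[0]}' sent over cleartext HTTP",
        ))
    else:
        findings.append(Finding(
            "info",
            "Basic credentials sent over TLS; still prefer a stronger scheme",
        ))
    return findings


# Constructed sample: a placeholder sync request with placeholder credentials.
SAMPLE_REQUEST = (
    "POST /sync HTTP/1.1\r\n"
    "Host: vendor.example\r\n"
    "Authorization: Basic "
    + base64.b64encode(b"praxis-user:Sommer2019!").decode("ascii")
    + "\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for finding in audit_request(SAMPLE_REQUEST, over_tls=False):
        print(f"[{finding.severity}] {finding.message}")
```

Run against a packet capture, the same check is a straightforward detection rule: any `Authorization: Basic` header observed on port 80 (or on any non-TLS session) is a credential exposure, whether or not the peer is the vendor server. The mitigation in the advisory follows directly: move the channel to HTTPS, and until then do not send Basic credentials at all.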

Fix

Insufficiently Protected Credentials

Cleartext Transmission of Sensitive Information


Weakness Enumeration

Related identifiers

CVE-2019-17393

Affected products

Tomedo Server