PT-2023-11496 · Cmseasy · Cmseasy

Godepic

Publicado

2023-06-27

Atualizado

2023-07-05

CVE-2020-18406

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions cmseasy version 7.0.0

Description An issue was discovered that allows user credentials to be sent in clear text due to no encryption of form data.

Recommendations For cmseasy version 7.0.0, consider implementing encryption for form data to prevent user credentials from being sent in clear text. As a temporary workaround, restrict access to sensitive areas of the application until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2020-18406

Produtos afetados

Cmseasy

PT-2023-11496 · Cmseasy · Cmseasy

CVE-2020-18406

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4