
Slawomir Jasek

#19375 of 53,635
Total CVSS: 13.6
Vulnerabilities: 2 (Medium: 2)
PT-2014-3205 · CVSS 6.8 · 2014-05-19
Opentext · Opentext Exceed Ondemand · CVE-2013-6806

**Name of the Vulnerable Software and Affected Versions**
OpenText Exceed OnDemand (EoD) version 8

**Description**
The issue allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response. This triggers a downgrade to simple authentication, which sends credentials in plaintext.

**Recommendations**
For OpenText Exceed OnDemand (EoD) version 8, consider disabling the simple authentication mechanism to prevent the downgrade attack until a patch is available. Restrict access to sensitive information and use alternative secure authentication methods if possible. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2014-3206 · CVSS 6.8 · 2014-05-19
Opentext · Opentext Exceed Ondemand · CVE-2013-6807

**Name of the Vulnerable Software and Affected Versions**
OpenText Exceed OnDemand (EoD) version 8

**Description**
The issue allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses, because the client supports anonymous ciphers by default.

**Recommendations**
For OpenText Exceed OnDemand (EoD) version 8, consider disabling support for anonymous ciphers to prevent man-in-the-middle attacks.