CVE-2011-1509

Name of the Vulnerable Software and Affected Versions ManageEngine ServiceDesk Plus (SDP) versions 8012 and earlier

Description The issue concerns the encryption of passwords in cookies. It is related to the encryptPassword function in Login.js, which uses a Caesar cipher for encryption. This makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Recommendations For ManageEngine ServiceDesk Plus (SDP) versions 8012 and earlier, as a temporary workaround, consider disabling the encryptPassword function in Login.js until a proper encryption method is implemented. Restrict access to sensitive information and network traffic to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.