PT-2017-12192 · Boozt · Boozt Fashion

Nightwatchcyber

Published

2017-07-28

Updated

2017-08-15

CVE-2017-11706

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Boozt Fashion versions prior to 2.3.4

Description The issue allows remote attackers to read login credentials by sniffing the network due to the lack of SSL encryption. The vendor initially considered this an accepted risk, noting that only the checkout part of the site used HTTPS.

Recommendations For versions prior to 2.3.4, update to version 2.3.4 or later to enable SSL logins and mitigate the risk of credential exposure.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-11706

Affected Products

Boozt Fashion

PT-2017-12192 · Boozt · Boozt Fashion

CVE-2017-11706

Weakness Enumeration

Related Identifiers

Affected Products

References · 4