PT-2017-8772 · Omnimetrix · Omniview

Bill Voltmer

Published

2017-02-13

Updated

2017-02-17

CVE-2016-5786

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OmniMetrix OmniView version 1.2

Description An issue was discovered where the OmniView web application transmits credentials using the HTTP protocol, making them susceptible to being intercepted by an attacker, which could result in the compromise of account credentials.

Recommendations For OmniMetrix OmniView version 1.2, consider disabling the use of HTTP protocol for credential transmission until a secure alternative, such as HTTPS, is implemented to encrypt the data in transit.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-5786

Affected Products

Omniview

PT-2017-8772 · Omnimetrix · Omniview

CVE-2016-5786

Weakness Enumeration

Related Identifiers

Affected Products

References · 4