PT-2020-10332 · Mfscripts · Mfscripts Yetishare

Published: 2020-02-10 · Updated: 2020-02-11 · CVE-2019-20061

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MFScripts YetiShare versions 3.5.2 through 4.5.4

Description

In the user-introduction email of MFScripts YetiShare, the system-picked password may be leaked if the email is sent in cleartext. The user does not have the option to choose their own initial password.

Recommendations

For versions 3.5.2 through 4.5.4, consider configuring the email settings to use encryption, such as TLS, to protect the password in transit. As a temporary workaround, restrict the use of cleartext emails for user introductions until a more secure method is implemented.

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2019-20061

Affected Products

Mfscripts Yetishare