PT-2020-12691 · Castle Rock · Castle Rock Snmpc Online

Published

2020-04-09

Updated

2021-07-21

CVE-2020-11557

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Castle Rock SNMPc Online versions 12.10.10 and earlier

Description An issue was discovered in Castle Rock SNMPc Online where it includes the username and password values in cleartext within each request's cookie value.

Recommendations For Castle Rock SNMPc Online versions 12.10.10 and earlier, update to a version released after 2020-01-28 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319CWE-522

Related Identifiers

CVE-2020-11557

Affected Products

Castle Rock Snmpc Online

PT-2020-12691 · Castle Rock · Castle Rock Snmpc Online

CVE-2020-11557

Weakness Enumeration

Related Identifiers

Affected Products

References · 5