PT-2022-9923 · Unknown · Northstar Club Management

Alexandre Larocque

Published

2022-02-04

Updated

2022-02-08

CVE-2021-29397

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions NorthStar Club Management version 6.3

Description The issue allows remote local users to intercept user credentials transmitted in cleartext over HTTP due to cleartext transmission of sensitive information in the /northstar/Admin/login.jsp endpoint.

Recommendations For version 6.3, consider restricting access to the /northstar/Admin/login.jsp endpoint until a secure connection method, such as HTTPS, is implemented to encrypt sensitive information. As a temporary workaround, avoid using the username and password variables in the affected API endpoint until the issue is resolved.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2021-29397

Affected Products

Northstar Club Management

PT-2022-9923 · Unknown · Northstar Club Management

CVE-2021-29397

Weakness Enumeration

Related Identifiers

Affected Products

References · 5