PT-2023-25446 · Phpjabbers · Phpjabbers Class Scheduling System
Published: 2023-08-08 · Updated: 2023-08-10
CVE-2023-36136
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PHPJabbers Class Scheduling System version 1.0
Description
The issue is a lack of password encryption when editing a user account, specifically on the update user page. This allows an attacker to capture all user names and passwords in clear text.
Recommendations
For PHPJabbers Class Scheduling System version 1.0, consider implementing encryption for passwords when editing user accounts to prevent clear text capture. As a temporary workaround, restrict access to the update user page until a proper encryption mechanism is in place.
Weakness Enumeration
Cleartext Storage of Sensitive Information
Affected Products
Phpjabbers Class Scheduling System