Lucene search
HistorySep 20, 2011 - 10:55 a.m.
CVE-2011-1509
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.8%
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Affected configurations
Node
manageengineservicedesk_plusRange≤8012
ORmanageengineservicedesk_plusMatch8.0
Related
prion
prion
Design/Logic Flaw
2011-09-20 10:55:00
cve
cve
CVE-2011-1509
2011-09-20 10:55:02
openvas
openvas
ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability
2011-09-16 00:00:00
ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability
2011-09-16 00:00:00
cvelist
cvelist
CVE-2011-1509
2011-09-20 10:00:00
securityvulns
securityvulns
packetstorm
packetstorm
Core Security Technologies Advisory 2011.0506
2011-09-14 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.8%
Related for NVD:CVE-2011-1509