2 matches found
CVE-2018-15681
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie c...
CVE-2018-15681
CVE-2018-15681 affects BTITeam XBTIT 2.5.4. The issue: on login, the user’s password hash is rehashed with a weak, predictable salt and stored in a cookie named “pass” that is not HTTPOnly. An attacker who steals this cookie can brute-force the hash to recover the cleartext password. Publicly doc...