5 matches found
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...
CVE-2026-5119
CVE-2026-5119 concerns libsoup. The flaw: when establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext inside the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, enabling ...
CVE-2020-36917
CVE-2020-36917 affects iDS6 DSSPro Digital Signage System 6.2. The issue is a sensitive information disclosure where authentication credentials can be intercepted via cleartext cookies transmitted over HTTP. The autoSave feature is cited as enabling password capture during man-in-the-middle attac...
CVE-2025-25613
FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext usi...
CVE-2019-19739
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels...