19 matches found
EUVD-2013-6609
Malware in sbrugna...
EUVD-2013-6607
Malware in sbrugna...
EUVD-2013-6795
Malware in sbrugna...
CVE-2013-6806
OpenText Exceed OnDemand EoD 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext...
CVE-2013-6805
OpenText Exceed OnDemand EoD 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file...
CVE-2013-6994
OpenText Exceed OnDemand EoD 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network...
CVE-2013-6807
The client in OpenText Exceed OnDemand EoD 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses...
Design/Logic Flaw
The client in OpenText Exceed OnDemand EoD 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses...
Design/Logic Flaw
OpenText Exceed OnDemand EoD 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file...
Session fixation
OpenText Exceed OnDemand EoD 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network...
Authentication flaw
OpenText Exceed OnDemand EoD 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext...
CVE-2013-6805
OpenText Exceed OnDemand EoD 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file...
CVE-2013-6806
OpenText Exceed OnDemand EoD 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext...
CVE-2013-6806
The CVE-2013-6806 entry concerns OpenText Exceed OnDemand (EoD) 8. A crafted response string allows a man-in-the-middle to disable bidirectional authentication, triggering a downgrade to simple authentication and sending credentials in plaintext. The vulnerability is network-exploitable with medi...
CVE-2013-6805
OpenText Exceed OnDemand (EoD) 8 is affected by CVE-2013-6805 due to weak password encryption. The vulnerability enables credential disclosure either by sniffing network traffic or by local access reading a .eod8 file. The description does not specify affected versions beyond EoD 8, nor the exact...
CVE-2013-6807
The client in OpenText Exceed OnDemand EoD 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses...
CVE-2013-6994
CVE-2013-6994 affects OpenText Exceed OnDemand (EoD) 8. The issue is that the session ID is transmitted in cleartext, allowing remote attackers to perform session fixation by sniffing the network. The NVD entry documents a network-based attack with low attack complexity and no required authentica...
CVE-2013-6807
CVE-2013-6807 affects OpenText Exceed OnDemand (EoD) 8. The vulnerability arises because the client supports anonymous ciphers by default, enabling man-in-the-middle attackers to bypass server certificate validation, redirect connections, and obtain sensitive information from crafted responses. R...
CVE-2013-6994
OpenText Exceed OnDemand EoD 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network...