11 matches found
CVE-2017-18486
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...
EUVD-2017-9602
Malware in sbrugna...
Jitbit Software Helpdesk Security Feature Issue Vulnerability
Jitbit Software Helpdesk is a helpdesk ticketing system from Jitbit Software in the UK. A security feature issue vulnerability exists in Jitbit Software Helpdesk versions prior to 9.0.3 that stems from the program not handling the 'userHash' parameter correctly. A remote attacker can exploit the...
CVE-2017-18486
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...
CVE-2017-18486
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...
Authentication flaw
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...
CVE-2017-18486
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...
CVE-2017-18486
Jitbit Helpdesk (before 9.0.3) is affected by an authentication flaw tied to mishandling of the User/AutoLogin userHash parameter. Tokens in a password-reset flow can be studied to reveal a weak PRNG-derived shared secret used for remote authentication, enabling an attacker to forge tokens for an...
JitBit HelpDesk <= 9.0.2 - Authentication Bypass Vulnerability
Exploit for asp platform in category web applications Exploit Title: JitBit HelpDesk = 9.0.2 Broken Authentication Google Dork: "Powered by Jitbit HelpDesk" -site:jitbit.com Date: 09/22/2017 Exploit Author: Rob Simon Kc57 - TrustedSec www.trustedsec.com Vendor Homepage:...
JitBit HelpDesk 9.0.2 - Authentication Bypass
JitBit HelpDesk 9.0.2 - Authentication Bypass Exploit Title: JitBit HelpDesk = 9.0.2 Broken Authentication Google Dork: "Powered by Jitbit HelpDesk" -site:jitbit.com Date: 09/22/2017 Exploit Author: Rob Simon Kc57 - TrustedSec www.trustedsec.com Vendor Homepage: https://www.jitbit.com/helpdesk/...
JitBit HelpDesk < 9.0.2 - Authentication Bypass
Exploit Title: JitBit HelpDesk = 9.0.2 Broken Authentication Google Dork: "Powered by Jitbit HelpDesk" -site:jitbit.com Date: 09/22/2017 Exploit Author: Rob Simon Kc57 - TrustedSec www.trustedsec.com Vendor Homepage: https://www.jitbit.com/helpdesk/ Download Link:...