5 matches found
CVE-2026-22543
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2026-22543 WEEK ENCODING FOR PASSWORDS
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials...
CVE-2026-22543
CVE-2026-22543 affects devices whose web server accepts credentials in Base64 in HTTP headers. The base64 credential transmission is not encryption, enabling an attacker who can observe the login request to obtain credentials. Connected sources (including Red Hat, CIRCL sighting, NVD, CNNVD, and ...
EUVD-2025-31580
Malicious code in bioql PyPI...
CVE-2017-8059
Foxit PDF (iOS) before version 5.4 is vulnerable to accepting invalid/self-signed TLS certificates, enabling a passive or proximity attacker to perform a MITM and silently intercept login credentials (username/password) and an existing authentication token. Root cause: improper TLS certificate va...