4 matches found
CVE-2013-6805
OpenText Exceed OnDemand (EoD) 8 is affected by CVE-2013-6805 due to weak password encryption. The vulnerability enables credential disclosure either by sniffing network traffic or by local access reading a .eod8 file. The description does not specify affected versions beyond EoD 8, nor the exact...
CVE-2013-6806
The CVE-2013-6806 entry concerns OpenText Exceed OnDemand (EoD) 8. A crafted response string allows a man-in-the-middle to disable bidirectional authentication, triggering a downgrade to simple authentication and sending credentials in plaintext. The vulnerability is network-exploitable with medi...
CVE-2013-6807
CVE-2013-6807 affects OpenText Exceed OnDemand (EoD) 8. The vulnerability arises because the client supports anonymous ciphers by default, enabling man-in-the-middle attackers to bypass server certificate validation, redirect connections, and obtain sensitive information from crafted responses. R...
CVE-2013-6994
CVE-2013-6994 affects OpenText Exceed OnDemand (EoD) 8. The issue is that the session ID is transmitted in cleartext, allowing remote attackers to perform session fixation by sniffing the network. The NVD entry documents a network-based attack with low attack complexity and no required authentica...