Lucene search
MitreCVE-2011-1509HistorySep 20, 2011 - 10:55 a.m.
CVE-2011-1509
2011-09-2010:55:02
CWE-310
mitre
web.nvd.nist.gov
24
cve-2011-1509
manageengine servicedesk plus
vulnerability
encryption
caesar cipher
network sniffing
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.003
Percentile
70.8%
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Affected configurations
Node
manageengineservicedesk_plusRange≤8012
ORmanageengineservicedesk_plusMatch8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| manageengine | servicedesk_plus | * | cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:* |
| manageengine | servicedesk_plus | 8.0 | cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2011-09-20 10:55:00
nvd
nvd
CVE-2011-1509
2011-09-20 10:55:02
cvelist
cvelist
CVE-2011-1509
2011-09-20 10:00:00
openvas
openvas
ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability
2011-09-16 00:00:00
ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability
2011-09-16 00:00:00
securityvulns
securityvulns
packetstorm
packetstorm
Core Security Technologies Advisory 2011.0506
2011-09-14 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.003
Percentile
70.8%
Related for CVE-2011-1509