CVE-2009-2272

2009-07-0112:26:00

mitre

www.cve.org

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.5%

JSON

The Huawei D100 stores the administrator’s account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.

References

www.securityfocus.com/archive/1/504645/100/0/threaded