| Title | MaximaTech Portal Executivo - Password stored in Cookies |
|---|---|
| Description | The application MaximaTech Portal Executivo x.x.x.x stores the user and password in clear text in cookies, which allows attackers to disclose credentials. We detected this vulnerability by capturing network traffic; on this occasion the application was not using HTTPS, so it was possible to collect credentials from the cookies of the request.<br>Attack vector:<br>Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the application.<br>Credits:<br>Luigi Polidório, Robson Rodrigues, Red Team Softwall |
| Source | https://l6x.notion.site/PoC-7041cf9625554273b17148de85705d06?pvs=4 |
| User | LuigiSoftwall (UID 51872) |
| Submission | 31/07/2023 06:05 PM (3 years ago) |
| Moderation | 16/08/2023 03:12 PM (16 days later) |
| Status | Accepted |
| VulDB Entry | 237316 [MaximaTech Portal Executivo 21.9.1.140 Cookie weak encryption] |
| Points | 17 |