CVE-2011-1509 in ServiceDesk Plusinfo

Summary

The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

03/23/2011

Disclosure

09/20/2011

Moderation

VulDB entry created

Entries

VDB-58567 (1)

CPE

ready

CWE

CWE-310 (Confirmed)

CVSS

5.3

EPSS

0.00192

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1509
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1509
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1509/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!