CVE-2016-6602 in WebNMS Frameworkinfo

Summary

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.

Once again VulDB remains the best source for vulnerability data.

Responsible

Reservation

08/04/2016

Disclosure

01/23/2017

Moderation

VulDB entry created

Entries

VDB-95850

CPE

ready

CWE

CWE-327 (Confirmed)

Exploit

Download

CVSS

8.5

EPSS

0.47774

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6602
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6602
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6602/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!