Enviar #623318: macrozheng mall 1.0.3 Cleartext Transmission of Sensitive Informationinformación

Títulomacrozheng mall 1.0.3 Cleartext Transmission of Sensitive Information
Descripciónmall v1.0.3, an e-commerce platform with over 81.1k stars on GitHub, is vulnerable to insecure transmission of user credentials. During the authentication process, plain passwords are submitted over unencrypted HTTP rather than HTTPS. Other APIs that require token authentication also use HTTP. This exposes sensitive information(i.e., Passwords and JWT Token) to interception by network-based attackers using packet sniffing or Man-in-the-Middle (MitM) attacks. Captured credentials can be reused to gain admin access, leading to Account Takeover.
Fuente⚠️ https://github.com/N1n3b9S/cve/issues/10
Usuario
 Anonymous User
Sumisión2025-07-26 09:40 (hace 9 meses)
Moderación2025-08-08 10:50 (13 days later)
EstadoAceptado
Entrada de VulDB319237 [macrozheng mall hasta 1.0.3 /admin/login cifrado débil]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!