| タイトル | macrozheng mall 1.0.3 Cleartext Transmission of Sensitive Information |
|---|
| 説明 | mall v1.0.3, an e-commerce platform with over 81.1k stars on GitHub, is vulnerable to insecure transmission of user credentials. During the authentication process, plain passwords are submitted over unencrypted HTTP rather than HTTPS. Other APIs that require token authentication also use HTTP. This exposes sensitive information(i.e., Passwords and JWT Token) to interception by network-based attackers using packet sniffing or Man-in-the-Middle (MitM) attacks. Captured credentials can be reused to gain admin access, leading to Account Takeover. |
|---|
| ソース | ⚠️ https://github.com/N1n3b9S/cve/issues/10 |
|---|
| ユーザー | Anonymous User |
|---|
| 送信 | 2025年07月26日 09:40 (9 月 ago) |
|---|
| モデレーション | 2025年08月08日 10:50 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 319237 [macrozheng mall 迄 1.0.3 /admin/login 弱い暗号化] |
|---|
| ポイント | 20 |
|---|