| Title | MaximaTech Portal Executivo - Password stored in Cookies |
|---|---|
| Description | The application MaximaTech Portal Executivo x.x.x.x stores user and password in clear text in cookies, which allows attackers to disclose credentials. We detected this vulnerability by capturing network traffic; on this occasion the application was not using HTTPS, so it was possible to collect credentials in cookies of the request.<br>Attack vector:<br>Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the application.<br>Credits:<br>Luigi Polidório, Robson Rodrigues, Red Team Softwall |
| Source | https://l6x.notion.site/PoC-7041cf9625554273b17148de85705d06?pvs=4 |
| User | LuigiSoftwall (UID 51872) |
| Submission | 2023-07-31 06:05 PM (3 years ago) |
| Moderation | 2023-08-16 03:12 PM (16 days later) |
| Status | Accepted |
| VulDB Entry | 237316 [MaximaTech Portal Executivo 21.9.1.140 Cookie weak encryption] |
| Points | 17 |