| tiêu đề | Dígitro NGC Explorer 3.44.15 Plaintext Password in Configuration File |
|---|
| Mô tả | Title: NGC Explorer version 3.44.15 Client-side DOM manipulation allows password exposure
Software affected: NGC Explorer version 3.44.15
Vendor: Dígitro Tecnologia - https://digitro.com/
Description:
A configuration page contains an input field of type password, pre-filled with a sensitive SIP service credential. However, there is no defense against DOM manipulation. By changing the field type to text using browser DevTools, the stored password becomes visible in plaintext.
Technical Details:
An attacker with local access can open browser DevTools (F12), locate the password input field, and change the type="password" attribute to type="text", revealing the user’s password.
Impact:
Sensitive credentials can be exposed to unauthorized users, especially in shared or public environments.
Evidences of exploitation will be send by e-mail. |
|---|
| Người dùng | Anonymous User |
|---|
| Đệ trình | 24/04/2025 23:21 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 10/05/2025 07:30 (15 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 308271 [Dígitro NGC Explorer đến 3.44.15/3.48.21 Configuration Page tiết lộ thông tin] |
|---|
| điểm | 17 |
|---|