Vulnerability Details : CVE-2011-1509
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Products affected by CVE-2011-1509
- cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1509
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1509
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-1509
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1509
-
http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp
Multiples Vulnerabilities in ManageEngine ServiceDesk Plus | Core Security
-
http://securityreason.com/securityalert/8385
Multiples Vulnerabilities in ManageEngine ServiceDesk Plus - CXSecurity.com
-
http://www.securityfocus.com/bid/49636
ManageEngine ServiceDesk Plus Cross Site Scripting and Authentication Bypass Vulnerabilities
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/69841
ManageEngine ServiceDesk Plus Login.js security bypass CVE-2011-1509 Vulnerability Report
-
http://www.securityfocus.com/archive/1/519652/100/0/threaded
SecurityFocus
Jump to