Back to search
CVE-2014-2212
Published: Apr 1, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.sysdream.com/CVE-2014-2211_2214
x_refsource_MISC
http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf
x_refsource_MISC
[oss-security] 20140227 [CVE assignment notification] Multiple vulnerabilities in POSH
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now