Vulnerability Details: CVE-2011-1509
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Exploit prediction scoring system (EPSS) score for CVE-2011-1509
Probability of exploitation activity in the next 30 days: 0.32%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 %
CVSS scores for CVE-2011-1509
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2011-1509
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1509
- http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp
  Multiples Vulnerabilities in ManageEngine ServiceDesk Plus | Core Security
- http://securityreason.com/securityalert/8385
  Multiples Vulnerabilities in ManageEngine ServiceDesk Plus - CXSecurity.com
- http://www.securityfocus.com/bid/49636
  ManageEngine ServiceDesk Plus Cross Site Scripting and Authentication Bypass Vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69841
  ManageEngine ServiceDesk Plus Login.js security bypass CVE-2011-1509 Vulnerability Report
- http://www.securityfocus.com/archive/1/519652/100/0/threaded
  SecurityFocus
Products affected by CVE-2011-1509
- cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*
- cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*