CVEDB API

Vulnerability Details CVE-2011-1509

The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.6%

CVSS Severity

CVSS v2 Score 5.0

References

http://securityreason.com/securityalert/8385
http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp
http://www.securityfocus.com/archive/1/519652/100/0/threaded
http://www.securityfocus.com/bid/49636
https://exchange.xforce.ibmcloud.com/vulnerabilities/69841
http://securityreason.com/securityalert/8385
http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp
http://www.securityfocus.com/archive/1/519652/100/0/threaded
http://www.securityfocus.com/bid/49636
https://exchange.xforce.ibmcloud.com/vulnerabilities/69841

Products affected by CVE-2011-1509

Manageengine » Servicedesk Plus » Version: Any

cpe:2.3:a:manageengine:servicedesk_plus:*
Manageengine » Servicedesk Plus » Version: 8.0

cpe:2.3:a:manageengine:servicedesk_plus:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-1509

Products

Pricing

Contact Us