CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-11821

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.5%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://fatihhcelik.blogspot.com/2020/01/rukovoditel-password-hash-in-cookie-url.html
https://fatihhcelik.blogspot.com/2020/01/rukovoditel-password-hash-in-cookie-url.html

Products affected by CVE-2020-11821

Rukovoditel » Rukovoditel » Version: 2.5.2

cpe:2.3:a:rukovoditel:rukovoditel:2.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11821

Products

Pricing

Contact Us