Vulnerability Details CVE-2020-3935
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b
- https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac
- https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html
- https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b
- https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac
- https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html
Products affected by CVE-2020-3935
-
cpe:2.3:a:secom:dr.id_access_control:3.3.2
-
cpe:2.3:a:secom:dr.id_attendance_system:-