Sign In
Advisories

iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie

Go Back
severity
high
date
Affecting

  • V6.2 B2014.12.12.1220

  • V5.6 B2017.07.12.1757

  • V4.3

CWE
  • CWE-319 Cleartext Transmission of Sensitive Information
CVSS
8.6
CVSS V4 Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Credit
LiquidWorm as Gjoko Krstic of Zero Science Lab
Description
iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications.