Password Encryption Flaw in ManageEngine ServiceDesk Plus by Zoho
CVE-2011-1509

Currently unrated

Key Information:

Vendor

Manageengine
Status
Servicedesk Plus
Vendor
CVE Published:
20 September 2011

What is CVE-2011-1509?

The login functionality in ManageEngine ServiceDesk Plus employs the encryptPassword method within Login.js, which utilizes a simplistic Caesar cipher for encrypting passwords stored in cookies. This inadequate encryption approach allows remote attackers to potentially intercept and decrypt sensitive information transmitted over the network, thereby jeopardizing user account security and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/69841
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/49636
vdb-entryx_refsource_BID
http://securityreason.com/securityalert/8385
third-party-advisoryx_refsource_SREASON

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.