Password Exposure Issue in PHPJabbers Class Scheduling System
CVE-2023-36136

6.5MEDIUM

Key Information:

Vendor

PHPjabbers

Vendor
CVE Published:
8 August 2023

What is CVE-2023-36136?

The PHPJabbers Class Scheduling System version 1.0 contains a significant vulnerability related to insufficient password encryption. When editing user accounts, the system fails to encrypt passwords, leading to a potential exposure of usernames and passwords in clear text. This flaw allows attackers to capture sensitive user credentials during the update process, posing a serious security risk for users.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.