Vulnerability in ManageEngine ServiceDesk Plus
CVE-2011-1509
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sni…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.002 (41.0th percentile)
Affected products
- Manageengine Servicedesk_plus — versions 8.0
References
- servicedesk-loginjs-security-bypass(69841) (vdb-entry, x_refsource_XF)
- 49636 (vdb-entry, x_refsource_BID)
- 8385 (x_refsource_SREASON, third-party-advisory)
- cve@mitre.org (x_refsource_MISC)
- 20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus (mailing-list, x_refsource_BUGTRAQ)