{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-14T00:00:00", "descriptions": [{"lang": "en", "value": "The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "servicedesk-loginjs-security-bypass(69841)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69841"}, {"name": "49636", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49636"}, {"name": "8385", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8385"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"}, {"name": "20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1509", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "servicedesk-loginjs-security-bypass(69841)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69841"}, {"name": "49636", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49636"}, {"name": "8385", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8385"}, {"name": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp", "refsource": "MISC", "url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"}, {"name": "20110914 CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1509", "datePublished": "2011-09-20T10:00:00", "dateReserved": "2011-03-23T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "440CF514-D703-411C-A171-550EE1CD8F4F", "versionEndIncluding": "8012", "vulnerable": true}, {"criteria": "cpe:2.3:a:manageengine:servicedesk_plus:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D645B-E44D-4C92-AC26-5D72110A7A3E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network."}, {"lang": "es", "value": "La funci\u00f3n EncryptPassword en Login.js en ManageEngine ServiceDesk Plus (SDP) v8012 y anteriores utiliza un cifrado C\u00e9sar para el cifrado de contrase\u00f1as en las cookies, lo que hace m\u00e1s f\u00e1cil para los atacantes remotos obtener informaci\u00f3n sensible por la captura de tr\u00e1fico (sniffing)de la red."}], "id": "CVE-2011-1509", "lastModified": "2018-10-09T19:31:04.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-09-20T10:55:02.343", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8385"}, {"source": "cve@mitre.org", "url": "http://www.coresecurity.com/content/multiples-vulnerabilities-manageengine-sdp"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/519652/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/49636"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69841"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}