{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-04-01T16:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.sysdream.com/CVE-2014-2211_2214"}, {"tags": ["x_refsource_MISC"], "url": "http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf"}, {"name": "[oss-security] 20140227 [CVE assignment notification] Multiple vulnerabilities in POSH", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q1/444"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2212", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.sysdream.com/CVE-2014-2211_2214", "refsource": "MISC", "url": "http://www.sysdream.com/CVE-2014-2211_2214"}, {"name": "http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf", "refsource": "MISC", "url": "http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf"}, {"name": "[oss-security] 20140227 [CVE assignment notification] Multiple vulnerabilities in POSH", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q1/444"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2212", "datePublished": "2014-04-01T17:00:00", "dateReserved": "2014-02-26T00:00:00", "dateUpdated": "2014-04-01T16:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:posh_project:posh:*:*:*:*:*:*:*:*", "matchCriteriaId": "0202FFDD-0449-45AA-AF30-DF9CE58C4DFB", "versionEndIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B12CFCE-62F4-4906-BEC1-ADE047E8A3B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "74FBCCFD-6B4F-465D-B9EF-FF78F960E341", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "86D338B8-C521-4698-8A01-FA18421CED62", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "FFEE89FC-5FB1-4FA3-B34C-C0061720BE76", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E84A51F-6604-4CF5-BD96-B6AAE775C9A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1A8434-4333-490F-8FD6-2D28603CEC16", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.5:-:*:*:*:*:*:*", "matchCriteriaId": "0A4A5904-AA2C-49C3-A39E-963D91A8D57B", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.5:beta:*:*:*:*:*:*", "matchCriteriaId": "F0F82E5D-B43E-4D46-BE31-F5458F5BE420", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "7D599B23-0C91-468D-8020-F3FB5EEF2EC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.5:rc:*:*:*:*:*:*", "matchCriteriaId": "11C02B2C-3014-466D-AB9D-3DB95C271479", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D72BABF-6274-4422-ADA1-9C97431AD036", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.0:-:*:*:*:*:*:*", "matchCriteriaId": "07FEBF77-7679-4B3A-A66E-BDE165315137", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "1D15C6E0-376A-4395-B0DE-516E7245A660", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "F4C76605-730A-4A9F-841C-DC7BBEF368EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.0:p1:*:*:*:*:*:*", "matchCriteriaId": "08D90BB6-528A-4067-81C2-F060B66B035C", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.0:rc:*:*:*:*:*:*", "matchCriteriaId": "6015AB0D-76C9-4A0A-AB88-5B95803874D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.1:-:*:*:*:*:*:*", "matchCriteriaId": "49A5013D-1C49-43F4-A03D-FCAC03622065", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.1:b:*:*:*:*:*:*", "matchCriteriaId": "FF352FE0-5959-4F4B-BB9D-56C3F9EA40F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.1:p1:*:*:*:*:*:*", "matchCriteriaId": "124A666D-F83E-48CF-891F-C828B30C1981", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.1:p2:*:*:*:*:*:*", "matchCriteriaId": "7F2F78F2-2E87-41ED-961F-3AD5DC794C56", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.1:rc:*:*:*:*:*:*", "matchCriteriaId": "35D5F839-E594-4C42-A27E-89B33772E8E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.2:-:*:*:*:*:*:*", "matchCriteriaId": "7AFC7977-C25E-4197-8571-01280A4C143A", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.2:beta:*:*:*:*:*:*", "matchCriteriaId": "29C44404-A9B4-453B-B865-E42FD01E445B", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.2:rc:*:*:*:*:*:*", "matchCriteriaId": "DBE1CE3A-991A-47AD-9DB9-F9ECCCB1B3EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "69434D04-2789-4960-BEC0-9E7478BC2A14", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A6D1173-A71D-453A-8E12-51F277A96F56", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC7AB773-7FB1-4EF1-A234-25FAF937F2CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:3.0:-:*:*:*:*:*:*", "matchCriteriaId": "060C5481-917E-4C73-A485-336E6A121CDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:3.0:beta:*:*:*:*:*:*", "matchCriteriaId": "DCB94D56-E30C-4109-B3F9-FAD17A07A3F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DF6A8414-F03C-487A-ADEF-61E0C362A743", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CE53F1A-9C19-4DB0-97B6-41DA3230FB20", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE5B6002-A657-44F2-B12C-78ED66D4FEDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C7477997-6B4C-4EF3-86FF-945C6836A558", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2594B37C-D2EC-47B6-9448-10808313CE9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "57FCC2B7-A659-492E-81FC-1FF8EA8E0D5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C291651E-A103-4523-92C0-9772BE4A3295", "vulnerable": true}, {"criteria": "cpe:2.3:a:posh_project:posh:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "865C28AD-DA01-4C89-8122-070FC172C1B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie."}, {"lang": "es", "value": "La funcionalidad Remember Me en portal/scr_authentif.php en POSH (tambi\u00e9n conocido como portal Posh o Portaneo) 3.0, 3.2.1, 3.3.0 y anteriores almacena el nombre de usuario y MD5 Digest de la contrase\u00f1a en texto plano en una cookie, lo que permite a atacantes obtener informaci\u00f3n sensible mediante la lectura de esta cookie."}], "id": "CVE-2014-2212", "lastModified": "2014-04-02T15:03:51.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-01T17:55:05.670", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q1/444"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.sysdream.com/CVE-2014-2211_2214"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}