The customer's Tomedo Server in version 1.7.3 communicates with the vendor's Tomedo Server over HTTP (in cleartext), so the traffic can be sniffed by unauthorized actors. Basic authentication is used, which makes it possible to base64-decode the sniffed credentials and recover the username and password.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/154873/Tomedo-Server-1.7.3-Information-Disclosure-Weak-Cryptography.html | Third Party Advisory, VDB Entry |
| http://seclists.org/fulldisclosure/2019/Oct/33 | Mailing List, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-18T16:04:41
Updated: 2019-10-18T16:05:38
Reserved: 2019-10-09T00:00:00
Link: CVE-2019-17393
NVD Information
Status: Analyzed
Published: 2019-10-18T17:15:10.423
Modified: 2021-07-21T11:39:23.747
Link: CVE-2019-17393
Redhat Information
No data.