The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-04-01T17:00:00

Updated: 2024-08-06T10:06:00.190Z

Reserved: 2014-02-26T00:00:00

Link: CVE-2014-2212

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-04-01T17:55:05.670

Modified: 2024-11-21T02:05:51.577

Link: CVE-2014-2212

cve-icon Redhat

No data.