The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-04-01T17:00:00
Updated: 2024-08-06T10:06:00.190Z
Reserved: 2014-02-26T00:00:00
Link: CVE-2014-2212
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-04-01T17:55:05.670
Modified: 2024-11-21T02:05:51.577
Link: CVE-2014-2212
Redhat
No data.