Plaintext Password Storage Vulnerability in Intellisol Xpede 4.1

Plaintext Password Storage Vulnerability in Intellisol Xpede 4.1

CVE-2002-0487 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.

Learn more about our User Device Pen Test.