Weak Encryption of Passwords in ManageEngine ServiceDesk Plus (SDP)
CVE-2011-1509 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Learn more about our Network Penetration Testing.