Weak Encryption of Passwords in ManageEngine ServiceDesk Plus (SDP)

Weak Encryption of Passwords in ManageEngine ServiceDesk Plus (SDP)

CVE-2011-1509 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Learn more about our Network Penetration Testing.