Sensitive User Data Disclosure in VDG Security SENSE (formerly DIVA) 2.3.13

Sensitive User Data Disclosure in VDG Security SENSE (formerly DIVA) 2.3.13

CVE-2014-9577 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response.

Learn more about our User Device Pen Test.