Weak Obfuscation Algorithm in ZOHO WebNMS Framework 5.2 and 5.2 SP1 Allows Password Retrieval
CVE-2016-6602 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.
Learn more about our Web App Pen Testing.