Cleartext Storage of Passwords in Cookies Vulnerability in Dialogic PowerMedia XMS

CVE-2018-11639 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to access a user's password in cleartext.

Learn more about our User Device Pen Test.