CVE-2014-2212

The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:posh_project:posh:3.0:-:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.3:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.2:rc:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.1:p2:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0:beta:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.0:beta:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.2:-:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.1:rc:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.0:p1:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:*:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.1:-:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.5:rc:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.0:-:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.0:rc:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.1:b:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.1:p1:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.5:beta:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.5:-:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:2.2:beta:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:posh_project:posh:1.0.1:*:*:*:*:*:*:*

Information

Published : 2014-04-01 10:55

Updated : 2014-04-02 08:03


NVD link : CVE-2014-2212

Mitre link : CVE-2014-2212


JSON object : View

CWE
CWE-255

Credentials Management Errors

Advertisement

dedicated server usa

Products Affected

posh_project

  • posh