Description

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.

Remediation

References

CVE-2020-11821

Related Vulnerabilities

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.1.22)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0216)

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-5095)

WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions SQL Injection (3.0.5)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21365)

Severity

Medium

Classification

CVE-2020-11821 CWE-312 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities