First published: Mon Apr 27 2020
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Rukovoditel Rukovoditel | =2.5.2 | |
CVE-2020-11821 is a vulnerability in Rukovoditel 2.5.2 that allows attackers to apply brute force on users' passwords and usernames.
In Rukovoditel 2.5.2, passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing.
CVE-2020-11821 has a severity rating of medium (5.3).
An attacker can exploit CVE-2020-11821 by applying brute force on the stored passwords and usernames.
Currently, there is no known fix for CVE-2020-11821. It is recommended to update to a newer version or use additional security measures.