CVE-2020-11821
First published: Mon Apr 27 2020(Updated: )
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rukovoditel Rukovoditel | =2.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-11821?
CVE-2020-11821 is a vulnerability in Rukovoditel 2.5.2 that allows attackers to apply brute force on users' passwords and usernames.
How are passwords and usernames stored in Rukovoditel 2.5.2?
In Rukovoditel 2.5.2, passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing.
What is the severity of CVE-2020-11821?
CVE-2020-11821 has a severity rating of medium (5.3).
How can an attacker exploit CVE-2020-11821?
An attacker can exploit CVE-2020-11821 by applying brute force on the stored passwords and usernames.
Is there a fix for CVE-2020-11821?
Currently, there is no known fix for CVE-2020-11821. It is recommended to update to a newer version or use additional security measures.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/rukovoditel
- canonical/rukovoditel rukovoditel
- version/rukovoditel rukovoditel/2.5.2