Meridian Prolog Manager 2007, and 7.5 and previous versions, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote malicious users to obtain database access by capturing credentials via a man-in-the-middle attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
meridian software prolog manager 7.0 |
||
meridian software prolog manager 7.5 |
||
meridian software prolog manager 2007 |