The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and previous versions uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote malicious users to obtain sensitive information by sniffing the network.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
manageengine servicedesk plus 8.0 |
||
manageengine servicedesk plus |