An insufficiently protected credentials issue exists in Intland codeBeamer ALM 10.x up to and including 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
intland codebeamer 10.1.0 |
||
intland codebeamer |