When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
visam vbase 11.7.0.2 |