NuytsTech Security

CVE-2015-2998

by ·

SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.

Date published : 2015-06-08

http://www.securityfocus.com/bid/75035

http://www.securityfocus.com/archive/1/535679/100/0/threaded

Tags: