CVE-2014-2212

The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
posh_projectposh
𝑥
≤ 3.3.0
posh_projectposh
1.0.1
posh_projectposh
1.1.0
posh_projectposh
1.2.0
posh_projectposh
1.3.0
posh_projectposh
1.3.2
posh_projectposh
1.4.2
posh_projectposh
1.5
posh_projectposh
1.5:beta
posh_projectposh
1.5:beta2
posh_projectposh
1.5:rc
posh_projectposh
1.5.1
posh_projectposh
2.0
posh_projectposh
2.0:beta
posh_projectposh
2.0:beta2
posh_projectposh
2.0:p1
posh_projectposh
2.0:rc
posh_projectposh
2.1
posh_projectposh
2.1:b
posh_projectposh
2.1:p1
posh_projectposh
2.1:p2
posh_projectposh
2.1:rc
posh_projectposh
2.2
posh_projectposh
2.2:beta
posh_projectposh
2.2:rc
posh_projectposh
2.2.1
posh_projectposh
2.2.3
posh_projectposh
2.3
posh_projectposh
3.0
posh_projectposh
3.0:beta
posh_projectposh
3.0.1
posh_projectposh
3.0.2
posh_projectposh
3.0.3
posh_projectposh
3.0.4
posh_projectposh
3.1.0
posh_projectposh
3.1.1
posh_projectposh
3.1.2
posh_projectposh
3.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2014/q1/444
http://www.sysdream.com/CVE-2014-2211_2214
http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf
http://seclists.org/oss-sec/2014/q1/444
http://www.sysdream.com/CVE-2014-2211_2214
http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf