jet-pentest / CVE-2021-3131

CVE-2021-3131


[Suggested description]

The web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64-encoded credentials in the 'creds' URL parameter.

[VulnerabilityType Other]

CWE-522 Insufficiently Protected Credentials

[Vendor of Product]

1C Company

[Affected Product Code Base]

1C:Enterprise 8 - Tested: 8.3.17.1851

[Affected Component]

Web-server

[Impact Information Disclosure]

true

[Has vendor confirmed or acknowledged the vulnerability?]

true

[Discoverer]

Irina Belyaeva (Jet Infosystems, jet.su)

[Reference]

https://1c-dn.com/1c_enterprise/what_is_1c_enterprise/
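
A defensive check for the exposure described above, added here as an example and not part of the original advisory or the vendor's code: it scans web access logs for a 'creds' query parameter whose value decodes as base64 text, in the request line or the Referer field, and reports the line with the value masked. The log lines, paths and host names are constructed, and treating any printable decoded text as a credential is an assumption, since the advisory does not give the decoded format.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# The 'creds' query parameter named in the advisory, captured raw (still
# percent-encoded). Matching the whole log line also covers the Referer field.
CREDS_RE = re.compile(r'([?&]creds=)([^&#\s"]*)')

# Constructed sample lines in combined log format; paths, hosts and the
# "user:password" payload are assumptions made for this example.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2021:09:14:03 +0000] "GET /example/app?creds=dXNlcjpwYXNzd29yZA%3D%3D HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Feb/2021:09:14:09 +0000] "GET /example/app?creds=true&lang=en HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Feb/2021:09:15:40 +0000] "GET /static/logo.png HTTP/1.1" 200 4410 "https://host.example/example/app?lang=en&creds=dXNlcjpwYXNzd29yZA" "Mozilla/5.0"',
    '192.0.2.13 - - [01/Feb/2021:09:16:02 +0000] "GET /example/app?lang=en HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
]

def decodes_as_base64(value):
    """True if value is well-formed base64 whose payload is printable UTF-8 text."""
    padded = value + "=" * (-len(value) % 4)  # tolerate stripped padding
    try:
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    return bool(text) and text.isprintable()

def find_creds_exposures(lines):
    """Return (line_no, redacted_line) for lines carrying base64 text in 'creds'."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for match in CREDS_RE.finditer(line):
            if decodes_as_base64(unquote(match.group(2))):
                # Mask the value in place so the report never repeats the secret.
                findings.append((line_no, CREDS_RE.sub(r"\g<1>[REDACTED]", line)))
                break
    return findings

if __name__ == "__main__":
    for line_no, redacted in find_creds_exposures(SAMPLE_LOG):
        print(f"line {line_no}: {redacted}")
```

Credentials found this way should be treated as exposed wherever the log was stored or forwarded, and rotated after upgrading.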
