Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMicrofocus Enterprise Developer
APPMicrofocus4.05.0≤ 3.0Microfocus Enterprise Server
APPMicrofocus4.05.0≤ 3.0
Powiązane podatności
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COB...
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro...
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ES...
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Serve...
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration...