The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:NSmarsh Telemessage
APPSmarsh≤ 2025-05-05
Powiązane podatności
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint ...
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly ...
The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail a...
The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing...
The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) fr...