All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NSick Media Server
APPSickwszystkie wersje
Powiązane podatności
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channel...
Files in the source code contain login credentials for the admin user and the property configuration password,...
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensi...
The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-forc...
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to ga...