The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NSick Media Server
APPSickwszystkie wersje
Powiązane podatności
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensi...
Files in the source code contain login credentials for the admin user and the property configuration password,...
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between a...
The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cook...
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowi...