Skip to content
main
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

README.md

CVE-2021-3131

[Suggested description]

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the 'creds' URL parameter.

[VulnerabilityType Other]

CWE-522 Insufficiently Protected Credentials

[Vendor of Product]

1C Company

[Affected Product Code Base]

1C:Enterprise 8 - Tested: 8.3.17.1851

[Affected Component]

Web-server

[Impact Information Disclosure]

true

[Has vendor confirmed or acknowledged the vulnerability?]

true

[Discoverer]

Irina Belyaeva (Jet Infosystems, jet.su)

[Reference]

https://1c-dn.com/1c_enterprise/what_is_1c_enterprise/

About

CVE-2021-3131

Resources

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.