CVE-2021-3131

[Suggested description]

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the 'creds' URL parameter.

[VulnerabilityType Other]

CWE-522 Insufficiently Protected Credentials

[Vendor of Product]

1C Company

[Affected Product Code Base]

1C:Enterprise 8 - Tested: 8.3.17.1851

[Affected Component]

Web-server

[Impact Information Disclosure]

true

[Has vendor confirmed or acknowledged the vulnerability?]

true

[Discoverer]

Irina Belyaeva (Jet Infosystems, jet.su)

[Reference]

https://1c-dn.com/1c_enterprise/what_is_1c_enterprise/

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-3131

[Suggested description]

[VulnerabilityType Other]

[Vendor of Product]

[Affected Product Code Base]

[Affected Component]

[Impact Information Disclosure]

[Has vendor confirmed or acknowledged the vulnerability?]

[Discoverer]

[Reference]

About

Releases

Packages

jet-pentest/CVE-2021-3131

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-3131

[Suggested description]

[VulnerabilityType Other]

[Vendor of Product]

[Affected Product Code Base]

[Affected Component]

[Impact Information Disclosure]

[Has vendor confirmed or acknowledged the vulnerability?]

[Discoverer]

[Reference]

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages