- Description
- The DevonIT thin-client management tool relies on a shared secret for authentication but transmits the secret in cleartext, which makes it easier for remote attackers to discover the secret value, and consequently obtain administrative control over client machines, by sniffing the network.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-255
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:devonit:thin-client_management_tool:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5DEE171-8B23-4815-8E4E-8BBCB39AE66F"
}
],
"operator": "OR"
}
]
}
]