mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-14 19:18:06 +02:00
0xMarcio
864 B
864 B
CVE-2014-0869
Description
The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.
POC
Reference
- http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html
- http://seclists.org/fulldisclosure/2014/Jun/173
Github
No PoCs found on GitHub currently.