1 | Session Fixation (CWE-384), BDU-2020-04049, CVE-2020-25198 | This vulnerability allows an attacker to gain access to a session, and hijack the session by stealing the user’s cookies. |
2 | Improper Privilege Management (CWE-269, CWE-266), BDU-2020-04050, CVE-2020-25194 | This vulnerability allows a person with user privileges to perform requests with administrative privileges. |
3 | Weak Password Requirements (CWE-521), BDU-2020-04051, CVE-2020-25153 | This vulnerability allows users to use weak passwords. |
4 | Cleartext Transmission of Sensitive Information (CWE-319), BDU-2020-04052, CVE-2020-25190 | This vulnerability allows the web server to store and transmit the credentials of third-party services in cleartext. |
5 | Improper Restriction Of Excessive Authentication Attempts (CWE-307), BDU-2020-04053, CVE-2020-25196 | This vulnerability allows a person to use brute force to bypass authentication on an SSH/Telnet session. |
6 | Information Exposure (CWE-200), BDU-2020-04054, CVE-2020-25192 | This vulnerability allows an attacker to access sensitive information in the built-in web service without proper authorization. |