VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 1, 2014· Updated May 6, 2026

CVE-2014-2212

CVE-2014-2212

Description

The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.

Affected products

38
  • Posh Project/Posh38 versions
    cpe:2.3:a:posh_project:posh:*:*:*:*:*:*:*:*+ 37 more
    • cpe:2.3:a:posh_project:posh:*:*:*:*:*:*:*:*range: <=3.3.0
    • cpe:2.3:a:posh_project:posh:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:1.5:-:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:1.5:beta:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:1.5:beta2:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:1.5:rc:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.0:-:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.0:p1:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.0:rc:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.1:-:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.1:b:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.1:p1:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.1:p2:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.1:rc:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.2:-:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.2:beta:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.2:rc:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:3.0:-:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:3.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:posh_project:posh:3.2.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.