Unrated severityNVD Advisory· Published Oct 18, 2019· Updated Aug 5, 2024

CVE-2019-17393

Description

The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Tomedo/Tomedo Serverdescription
Tomedo/Tomedo Serverllm-create
Range: =1.7.3

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/154873/Tomedo-Server-1.7.3-Information-Disclosure-Weak-Cryptography.htmlmitrex_refsource_MISC
seclists.org/fulldisclosure/2019/Oct/33mitremailing-listx_refsource_FULLDISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000