Medium severity5.3NVD Advisory· Published Apr 27, 2020· Updated Jun 17, 2026
CVE-2020-11821
CVE-2020-11821
Description
In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.
Affected products
1- Range: <2.5.2
Patches
Vulnerability mechanics
References
1- fatihhcelik.blogspot.com/2020/01/rukovoditel-password-hash-in-cookie-url.htmlnvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.