Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Aenovo | Aenovo | * | * |
| Aenovoshop | Aenovo | * | * |
| Aenovowysi | Aenovo | * | * |
References
- http://marc.info/?l=bugtraq\u0026m=112872593432359\u0026w=2
- http://secunia.com/advisories/17117/
- http://www.kapda.ir/advisory-78.html
- http://www.osvdb.org/19939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22549
- http://marc.info/?l=bugtraq\u0026m=112872593432359\u0026w=2
- http://secunia.com/advisories/17117/
- http://www.kapda.ir/advisory-78.html
- http://www.osvdb.org/19939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22549