The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Servicedesk_plus | Manageengine | * | 8012 (including) |
Servicedesk_plus | Manageengine | 8.0 (including) | 8.0 (including) |