An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Atvise | Atvise | 3.5.4 (including) | 3.5.4 (including) |
Atvise | Atvise | 3.6 (including) | 3.6 (including) |
Atvise | Atvise | 3.7 (including) | 3.7 (including) |