CVE-2019-17393

CRITICAL

Tomedo Server - Cleartext Transmission

Title source: rule

Description

The customer's Tomedo Server, version 1.7.3, communicates with the vendor's Tomedo Server over HTTP (in cleartext), so the traffic can be sniffed by unauthorized actors. The connection uses HTTP Basic authentication, so sniffed credentials can be base64-decoded to reveal the username and password.

Scores

CVSS v3 9.8
EPSS 0.0020
EPSS Percentile 41.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-319, CWE-522
Status published

Affected Products (1)

tomedo/server

Timeline

Published Oct 18, 2019
Tracked Since Feb 18, 2026