CVE-2020-11821

MEDIUM

Rukovoditel - Insufficiently Protected Credentials

Title source: rule

Description

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them.

References (1)

[Exploit, Vendor Advisory] https://fatihhcelik.blogspot.com/2020/01/rukovoditel-password-hash-in-cookie-url.html

Scores

CVSS v3 5.3

EPSS 0.0067

EPSS Percentile 71.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

rukovoditel/rukovoditel

Timeline

Published Apr 27, 2020

Tracked Since Feb 18, 2026