CVE-2021-3131

HIGH

1C:Enterprise 8 < 8.3.17.1851 - Inadequate Encryption Strength via Base64 Credential Exposure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3131. PoCs published by jet-pentest.

AI-analyzed exploit summary: The repository describes CVE-2021-3131, an information disclosure vulnerability in 1C:Enterprise 8's web server where base64-encoded credentials are exposed in the 'creds' URL parameter. The README provides technical details such as the affected component, CWE classification, and vendor confirmation, but lacks exploit code or scanning functionality.

Description

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter.

Exploits (1)

nomisec WRITEUP 1 stars
by jet-pentest · poc
https://github.com/jet-pentest/CVE-2021-3131

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: 1C:Enterprise 8 (versions before 8.3.17.1851)
No auth needed
Prerequisites: Access to the web server's URL with the 'creds' parameter
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Third Party Advisory x_refsource_misc
https://github.com/jet-pentest/CVE-2021-3131

Scores

CVSS v3: 7.5
EPSS: 0.0095
EPSS Percentile: 56.6%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-326
Status: published
Products (1)
1c/1c\ 8.0 - 8.3.17.1851
Published: Jan 13, 2021
Tracked Since: Feb 18, 2026