Weak Obfuscation Algorithm in ZOHO WebNMS Framework 5.2 and 5.2 SP1 Allows Password Retrieval

Weak Obfuscation Algorithm in ZOHO WebNMS Framework 5.2 and 5.2 SP1 Allows Password Retrieval

CVE-2016-6602 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.

Learn more about our Web App Pen Testing.