Skip to main content

Cleartext Transmission of Sensitive Information

CVE-2016-1000224

Severity High
Score 8.4/10

Summary

ezseed-transmission bellow 0.0.15 is vulnerable to Man-in-the-Middle attacks for downloading and running a script over HTTP connection. An attacker in a privileged network position could intercept the script, replace it with malicious code and completely compromise the system running ezseed-transmission.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-319 - Cleartext Transmission of Sensitive Information

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Advisory Timeline

  • Published