Beheshti Univercity Of Iran HTTP Authentication over Unencrypted Vulnerability

2016.03.03

Credit: 4TT4CK3R

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Exploit Title :
------------------
Beheshti Univercity Of Iran HTTP Authentication over Unencrypted
Vulnerability


Exploit Author :
--------------------
4TT4CK3R


Tested on :
--------------
Windows , Kali linux


Date :
--------
2016/03/2


Risk :
--------
High


HomePage :
---------------
http://www.sbu.ac.ir


Resource :
-------------
/_catalogs/masterpage


Request :
------------
GET /_catalogs/masterpage


Description :
--------------
We discovered a resource requiring HTTP authentication.
This resource was available over HTTP.
If a user were to authenticate to this resource over HTTP,
the supplied credentials would be sent in cleatrtext and be vulnerable to
eavesdropping.
HTTPS will prevent unauthorized disclosure of HTTP authentication
credentials.

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Beheshti Univercity Of Iran HTTP Authentication over Unencrypted Vulnerability

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Beheshti Univercity Of Iran HTTP Authentication over Unencrypted Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.