CVE-2025-11155
Description
The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-11155? +
How do I check if I'm vulnerable to CVE-2025-11155? +
Related Vulnerabilities
Use of a custom password encoding algorithm in Streamsoft Prestiż software allows straightforward decoding of passwords using their encoded forms, …
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within …
Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after …
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may …
An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated …
Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data …