CVE-2020-36917

Description

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications.

PUBLISHED Reserved 2026-01-03 | Published 2026-01-06 | Updated 2026-01-15 | Assigner VulnCheck

Problem types

Cleartext Transmission of Sensitive Information

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5605.php (Zero Science Lab Disclosure (ZSL-2020-5605)) third-party-advisory

packetstormsecurity.com/files/159915 (Packet Storm Security Exploit Entry) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/191261 (IBM X-Force Vulnerability Exchange) vdb-entry

cxsecurity.com/issue/WLB-2020110023 (CXSecurity Vulnerability Database Entry) third-party-advisory

web.archive.org/web/20200919100215/http://www.yerootech.com/ (Archived Yeroo Tech Vendor Homepage) product

www.vulncheck.com/...leartext-password-disclosure-via-cookie (VulnCheck Advisory: iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie) third-party-advisory

cve.org (CVE-2020-36917)

nvd.nist.gov (CVE-2020-36917)

Download JSON