CVE-2008-3059 Information

Description

member/settings_account.php in Octeth Oempro 3.5.5.1 and possibly other versions before 4 uses cleartext to transmit a password entered in the FormValue_Password field which makes it easier for remote attackers to obtain sensitive information by sniffing the network related to the \Settings - Account Information\ tab.

Reference

http://octeth.com/blog/category/oempro4/ http://osvdb.org/ref/50/oempro.txt http://www.osvdb.org/50324 https://exchange.xforce.ibmcloud.com/vulnerabilities/47115