TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center-TAIWAN SECOM CO., LTD.

TAIWAN SECOM CO., LTD. - Sensitivity Information Exposure

TVN ID	TVN-201910018
CVE ID	CVE-2020-3935
CVSS	7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products	Door Access Control to ver. 3.3.2 Personnel Attendance system prior to ver. 3.3.0.3_20160517
Description	TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.
Solution	Update to: Door Access Control system ver. 3.5.4 Personnel Attendance system ver. 3.4.0.0.3.05_20191112
Credit	Hans (CHT Security)
Public Date	2020-02-11

TAIWAN SECOM CO., LTD. - Sensitivity Information Exposure