2021-04-28 14:50:56
mitre
PUBLISHED
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/authClients.xml and obtain administrative login information that allows for a successful authentication bypass attack.