PT-2001-1367 · Interscan · Interscan Viruswall

Published: 2001-02-14 · Updated: 2008-09-05 · CVE-2001-0133

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Interscan VirusWall versions 3.6.x and earlier
Description: The web administration interface of the affected software does not use encryption. A remote attacker who can sniff the traffic could obtain the administrator password from requests to the setpasswd.cgi program or from other HTTP GET requests that contain base64-encoded usernames and passwords.
Recommendations: For Interscan VirusWall versions 3.6.x and earlier, consider disabling the setpasswd.cgi program and restricting access to the web administration interface until a fix is available. Avoid using HTTP GET requests that contain base64-encoded usernames and passwords to minimize the risk of exploitation.
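
Added example (not part of the original advisory and not vendor code): a defender-side check that scans captured cleartext HTTP requests for base64-encoded credentials, which shows why the encoding gives no protection on an unencrypted link. It assumes the credentials travel in a standard HTTP Basic Authorization header; the host name, account and capture text are constructed.

```python
import base64
import binascii
import re

# Constructed capture of cleartext HTTP requests (host and credentials are made up).
SAMPLE_CAPTURE = (
    "GET /setpasswd.cgi HTTP/1.0\r\n"
    "Host: viruswall.example\r\n"
    "Authorization: Basic YWRtaW46czNjcmV0\r\n"
    "\r\n"
    "GET /index.html HTTP/1.0\r\n"
    "Host: viruswall.example\r\n"
    "\r\n"
    "GET /status.cgi HTTP/1.0\r\n"
    "Host: viruswall.example\r\n"
    "Authorization: Basic !!!not-base64!!!\r\n"
    "\r\n"
)

# Assumption: credentials are sent as an HTTP Basic Authorization header.
BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+(\S+)\s*$", re.IGNORECASE)


def find_exposed_credentials(capture):
    """Return one finding per request that exposes Basic credentials in cleartext."""
    findings = []
    for request in capture.split("\r\n\r\n"):
        lines = [line for line in request.split("\r\n") if line]
        if not lines:
            continue
        parts = lines[0].split(" ")
        if len(parts) < 2:
            continue  # not a parseable request line
        for header in lines[1:]:
            match = BASIC_RE.match(header)
            if not match:
                continue
            try:
                decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # malformed token, nothing recoverable
            user, sep, password = decoded.partition(":")
            if sep:
                # Report the account and path, never the recovered password itself.
                findings.append({"method": parts[0], "path": parts[1],
                                 "user": user, "password_length": len(password)})
    return findings


if __name__ == "__main__":
    for finding in find_exposed_credentials(SAMPLE_CAPTURE):
        print(finding)
```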

Related identifiers

CVE-2001-0133

Affected products

Interscan Viruswall