PT-2001-2554 · Rhinosoft · Rhinosoft Serv-U

Published: 2001-11-19 · Updated: 2020-07-28 · CVE-2001-1463

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: RhinoSoft Serv-U version 3.0

Description: The issue concerns the remote administration client for RhinoSoft Serv-U, where the user password is sent in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled. This allows remote attackers to intercept passwords.

Recommendations: For RhinoSoft Serv-U version 3.0, consider disabling the remote administration client until a fix is available to prevent password interception. Restrict access to the network to minimize the risk of exploitation.


Related identifiers

CVE-2001-1463

Affected products

Rhinosoft Serv-U