CVE-2011-2151

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterStats version 6.0

Description The issue allows remote attackers to obtain sensitive information by sniffing the network, as certain components in the SmarterTools SmarterStats web server accept cleartext passwords. The affected components include "Admin/frmEmailReportSettings.aspx", "Admin/frmGeneralSettings.aspx", "Admin/frmSite.aspx", "Client/frmUser.aspx", and "Login.aspx".

Recommendations For SmarterTools SmarterStats version 6.0, consider restricting access to the affected components, such as "Admin/frmEmailReportSettings.aspx", "Admin/frmGeneralSettings.aspx", "Admin/frmSite.aspx", "Client/frmUser.aspx", and "Login.aspx", until a patch is available to prevent the use of cleartext passwords. As a temporary workaround, avoid using these components over unsecured networks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.