CVE-2011-4736

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build 20110407.20

Description The issue allows remote attackers to obtain sensitive information by sniffing the network, as the Control Panel in Parallels Plesk Panel receives cleartext password input over HTTP. This is demonstrated by forms in login up.php3 and certain other files.

Recommendations For Parallels Plesk Panel version 10.2.0 build 20110407.20, consider disabling HTTP access to the Control Panel and only allow HTTPS connections to encrypt password input. Restrict access to sensitive files such as login up.php3 to minimize the risk of exploitation.