PT-2011-5087 · Parallels · Parallels Plesk Small Business Panel

Publicado

2011-12-16

Atualizado

2017-08-29

CVE-2011-4757

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Parallels Plesk Small Business Panel version 10.2.0

Description The issue allows remote attackers to bypass authentication by leveraging an unattended workstation. This is because the password form field is generated without disabling the autocomplete feature. The problem is demonstrated by forms in smb/auth and certain other files.

Recommendations For Parallels Plesk Small Business Panel version 10.2.0, consider disabling the autocomplete feature for password form fields as a temporary workaround until a patch is available. Restrict access to sensitive areas of the panel to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-255

Identificadores relacionados

CVE-2011-4757

Produtos afetados

Parallels Plesk Small Business Panel

PT-2011-5087 · Parallels · Parallels Plesk Small Business Panel

CVE-2011-4757

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3