PT-2001-1367 · Interscan · Interscan Viruswall

Published: 2001-02-14 · Updated: 2008-09-05 · CVE-2001-0133

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Interscan VirusWall versions 3.6.x and earlier
Description: The web administration interface of the affected software does not use encryption. This could allow remote attackers to obtain the administrator password by sniffing requests to the setpasswd.cgi program, or other HTTP GET requests that contain base64-encoded usernames and passwords.
Recommendations: For Interscan VirusWall versions 3.6.x and earlier, consider disabling the setpasswd.cgi program and restricting access to the web administration interface until a fix is available. Avoid using HTTP GET requests that contain base64-encoded usernames and passwords to minimize the risk of exploitation.


Related Identifiers

CVE-2001-0133

Affected Products

Interscan Viruswall