PT-2001-2036 · Alchemy · Alchemy Network Monitor+1

Published

2001-11-30

Updated

2017-12-19

CVE-2001-0870

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Alchemy Eye and Alchemy Network Monitor versions 1.9x through 2.6.18

Description The HTTP server in the affected software is enabled without authentication by default. This allows remote attackers to obtain network monitoring logs, which may contain sensitive information, by directly requesting the eye.ini file.

Recommendations For versions 1.9x through 2.6.18, consider disabling the HTTP server or configuring it to require authentication to prevent unauthorized access to network monitoring logs.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0870

Affected Products

Alchemy Eye

Alchemy Network Monitor

PT-2001-2036 · Alchemy · Alchemy Network Monitor+1

CVE-2001-0870

Related Identifiers

Affected Products

References · 4