PT-2001-2554 · Rhinosoft · Rhinosoft Serv-U

Published: 2001-11-19 · Updated: 2020-07-28 · CVE-2001-1463

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

RhinoSoft Serv-U version 3.0

Description

The issue concerns the remote administration client for RhinoSoft Serv-U, where the user password is sent in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled. This allows remote attackers to intercept passwords.

Recommendations

For RhinoSoft Serv-U version 3.0, consider disabling the remote administration client until a fix is available to prevent password interception. Restrict access to the network to minimize the risk of exploitation.

Related Identifiers

CVE-2001-1463

Affected Products

Rhinosoft Serv-U