PT-2002-2276 · Localweb2000 · Localweb2000 Http Server

Published: 2002-08-29
Updated: 2017-07-11
CVE: CVE-2002-1353
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: LocalWEB2000 HTTP server version 2.1.0
Description: The LocalWEB2000 HTTP server stores passwords in plain text in the users.lst file, which is kept under the web document root. Remote attackers can obtain these passwords by making a direct request to the users.lst file.
Recommendations: For LocalWEB2000 HTTP server version 2.1.0, consider restricting access to the users.lst file to minimize the risk of exploitation. Additionally, avoid storing passwords in plain text and explore alternatives for secure password storage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2002-1353

Affected Products

Localweb2000 Http Server