PT-2011-5066 · Parallels · Parallels Plesk Panel

Published

2011-12-16

Updated

2019-04-22

CVE-2011-4736

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build 20110407.20

Description The issue allows remote attackers to obtain sensitive information by sniffing the network, as the Control Panel in Parallels Plesk Panel receives cleartext password input over HTTP. This is demonstrated by forms in login up.php3 and certain other files.

Recommendations For Parallels Plesk Panel version 10.2.0 build 20110407.20, consider disabling HTTP access to the Control Panel and only allow HTTPS connections to encrypt password input. Restrict access to sensitive files such as login up.php3 to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2011-4736

Affected Products

Parallels Plesk Panel

PT-2011-5066 · Parallels · Parallels Plesk Panel

CVE-2011-4736

Weakness Enumeration

Related Identifiers

Affected Products

References · 4