PT-2011-5079 · Parallels · Parallels Plesk Panel
Published
2011-12-16
·
Updated
2019-04-22
·
CVE-2011-4749
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Parallels Plesk Panel version 10.3.1 build1013110726.09
Description
The billing system of Parallels Plesk Panel generates a password form field without disabling the browser's autocomplete feature, so a browser may store the password and pre-fill it on later visits. An attacker who reaches an unattended workstation where the password has been saved can therefore bypass authentication without knowing it. The vulnerability is demonstrated by forms on certain pages under
admin/index.php/default.
Recommendations
For Parallels Plesk Panel version 10.3.1 build1013110726.09, disable autocomplete on the password form field (set autocomplete="off" on the input, or on the enclosing form) as a workaround until a fixed build is installed. Restrict access to the billing system and the
admin/index.php/default pages to authorized personnel only.
Fix
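The following is an added example, not code from Parallels or from this advisory, showing the weakness described above beside its hardened form and a check that finds it. The two HTML snippets are constructed for illustration (the field names and the action path are assumptions; they are not taken from Plesk's markup). The checker walks rendered HTML with the standard-library parser and reports every password input whose effective autocomplete setting is not "off", taking into account that an attribute on the input overrides one on the enclosing form.

```python
"""Find password fields that still allow browser autocomplete in rendered HTML."""
from html.parser import HTMLParser

# Constructed sample markup (not Plesk's actual form): a login form that never
# sets autocomplete, next to a hardened copy of the same form.
VULNERABLE_FORM = """
<form method="post" action="/admin/index.php/default">
  <input type="text" name="login" />
  <input type="password" name="passwd" />
  <input type="submit" value="Log in" />
</form>
"""

HARDENED_FORM = """
<form method="post" action="/admin/index.php/default" autocomplete="off">
  <input type="text" name="login" />
  <input type="password" name="passwd" autocomplete="off" />
  <input type="submit" value="Log in" />
</form>
"""


class PasswordFieldAuditor(HTMLParser):
    """Collects the names of password inputs whose effective autocomplete is not 'off'."""

    def __init__(self):
        super().__init__()
        self._form_autocomplete = None  # value set on the enclosing <form>, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._form_autocomplete = a.get("autocomplete", "").lower() or None
        elif tag == "input" and a.get("type", "text").lower() == "password":
            # An autocomplete attribute on the input overrides the form-level one;
            # with neither present the browser default ("on") applies.
            effective = a.get("autocomplete", self._form_autocomplete) or "on"
            if effective.lower() != "off":
                self.findings.append(a.get("name", "<unnamed>"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_autocomplete = None


def password_fields_with_autocomplete(html):
    """Return the names of password inputs that a browser is allowed to store and pre-fill."""
    auditor = PasswordFieldAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    print("vulnerable form:", password_fields_with_autocomplete(VULNERABLE_FORM))
    print("hardened form:  ", password_fields_with_autocomplete(HARDENED_FORM))
```

Run it against the HTML a page actually returns (for example the response body of the billing login page) rather than against templates, since the attribute has to be present in what the browser renders. Note that current browsers treat autocomplete="off" on login password fields as a hint and may still offer to save or fill the password, so the attribute reduces but does not remove the unattended-workstation risk; restricting access to the admin pages, as recommended above, remains necessary.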
Weakness Enumeration
Related Identifiers
Affected Products
Parallels Plesk Panel