PT-2011-5087 · Parallels · Parallels Plesk Small Business Panel

Published

2011-12-16

Updated

2017-08-29

CVE-2011-4757

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Parallels Plesk Small Business Panel version 10.2.0

Description The issue allows remote attackers to bypass authentication by leveraging an unattended workstation. This is because the password form field is generated without disabling the autocomplete feature. The problem is demonstrated by forms in smb/auth and certain other files.

Recommendations For Parallels Plesk Small Business Panel version 10.2.0, consider disabling the autocomplete feature for password form fields as a temporary workaround until a patch is available. Restrict access to sensitive areas of the panel to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2011-4757

Affected Products

Parallels Plesk Small Business Panel

PT-2011-5087 · Parallels · Parallels Plesk Small Business Panel

CVE-2011-4757

Weakness Enumeration

Related Identifiers

Affected Products

References · 3