Detections
Analytics

Webserver 4D Plaintext Password Storage

low Nessus Plugin ID 11151

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

According to its Server response header, the remote web server is Webserver 4D 3.6 or lower. Such versions store all usernames and passwords in plaintext in the file 'Ws4d.4DD' in the application's installation directory. A local attacker can exploit this flaw to gain unauthorized privileges on this host.

Solution

Contact the vendor for an update.

See Also

http://www.nessus.org/u?f98ab628

Plugin Details

Severity: Low

ID: 11151

File Name: webserver4d.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 10/26/2002

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/9/2004

Reference Information

CVE: CVE-2002-1521

BID: 5803