Synopsis
The remote web server allows credentials to be transmitted in cleartext.
Description
The remote Sambar server allows users to log in without using SSL. A man-in-the-middle attacker can exploit this to capture the passwords of the users of this server. The attacker can then use these to access the web mail accounts and modify the web pages on behalf of the users of the system.
Solution
Use Sambar on top of SSL.
Plugin Details
File Name: sambar_plaintext.nasl
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: www/sambar