Detections
Analytics

WebServer 4D < 3.6 Ws4d.4DD Cleartext Password Storage

medium Nessus Network Monitor Plugin ID 1450

Synopsis

The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files.

Description

The remote web server (WebServer 4D) is known to store the usernames and passwords of HTTP users in cleartext on the remote drive. A local attacker may use this flaw to steal the credentials of other users and reuse their passwords

Solution

None

See Also

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0128.html

Plugin Details

Severity: Medium

ID: 1450

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11151

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4

Temporal Score: 4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:mdg_computer_services:web_server_4d

Reference Information

CVE: CVE-2002-1521

BID: 5803