Netscape Administration Server /admin-serv/config/admpw Admin Password Disclosure

medium Nessus Plugin ID 10468

Synopsis

The remote service is vulnerable to an information disclosure flaw.

Description

The file /admin-serv/config/admpw is readable.

This file contains the encrypted password for the Netscape administration server. Although it is encrypted, an attacker may attempt to crack it by brute force.

Solution

Remove read access permissions for this file and/or stop the Netscape administration server.

Plugin Details

Severity: Medium

ID: 10468

File Name: netscape_adminpw.nasl

Version: 1.31

Type: remote

Family: Web Servers

Published: 7/15/2000

Updated: 8/7/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Settings/ParanoidReport, www/netscape-fasttrack, www/iplanet, www/netscape-commerce

Vulnerability Publication Date: 7/11/2000

Reference Information

BID: 1579

Detections

Analytics