Sambar Server Cleartext Password Transmission

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server allows credentials to be transmitted in
cleartext.

Description :

The remote Sambar server allows users to log in without using SSL. A
man-in-the-middle attacker can exploit this to capture the passwords
of the users of this server. The attacker can then use these to access
the web mail accounts and modify the web pages on behalf of the users
of the system.

Solution :

Use Sambar on top of SSL.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 11585 ()

Bugtraq ID:

CVE ID:

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial