Sambar Server Cleartext Password Transmission

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server allows credential to be transmitted in
cleartext.

Description :

The remote Sambar server allows users to log in without using SSL. A
man-in-the-middle attacker can exploit this to capture the passwords
of the users of this server. The attacker can then use these to access
the web mail accounts and modify the web pages on behalf of the users
of the system.

Solution :

Use Sambar on top of SSL.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Family: Web Servers

Nessus Plugin ID: 11585 ()

Bugtraq ID:

CVE ID: