Joomla! Cleartext Password Disclosure

Nessus Network Monitor Plugin ID 9152 (high)

Synopsis

The installed Joomla! web application does not run over TLS, leaving usernames and passwords transmitted in cleartext over HTTP.

Description

Joomla! is an open source content management system written in PHP. When authentication and other sensitive data are not encrypted in transit between client and server, an attacker who can sniff network traffic may capture the credentials and use them to gain unauthorized access to the administrator web interface of this server.

Solution

Require the Joomla! web server to encrypt traffic associated with authentication or any sensitive data.
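One way to verify the fix on the host is to audit Joomla!'s `configuration.php` for the `force_ssl` ("Force HTTPS") and `live_site` settings. The script below is an added example, not part of the plugin; the function names and the sample configuration are constructed for illustration.

```python
import re

# Joomla! stores its "Force HTTPS" global option in configuration.php as
# $force_ssl: 0 = none, 1 = administrator only, 2 = entire site.
FORCE_SSL = {0: "none", 1: "administrator only", 2: "entire site"}

# Matches simple scalar members of JConfig: public $name = 'value';
_SETTING = re.compile(
    r"""^\s*(?:public|var)\s+\$(\w+)\s*=\s*(['"]?)(.*?)\2\s*;""", re.MULTILINE)

# Constructed sample input (not taken from a real site).
SAMPLE_WEAK = """<?php
class JConfig {
    public $live_site = 'http://cms.example.test';
    public $force_ssl = '0';
}
"""
SAMPLE_HARDENED = SAMPLE_WEAK.replace("http://", "https://").replace("= '0'", "= '2'")


def read_settings(php_text):
    """Return {name: value} for scalar assignments found in the config text."""
    return {m.group(1): m.group(3) for m in _SETTING.finditer(php_text)}


def audit(php_text):
    """Return a list of findings; an empty list means HTTPS is forced site-wide."""
    cfg = read_settings(php_text)
    findings = []
    raw = cfg.get("force_ssl", "0")          # a missing setting is treated as 0
    level = int(raw) if raw.isdigit() else 0
    if level < 2:
        scope = FORCE_SSL.get(level, "none")
        findings.append(f"force_ssl={level} (HTTPS forced for: {scope}); "
                        "some login forms can still be submitted over HTTP")
    if cfg.get("live_site", "").lower().startswith("http://"):
        findings.append("live_site uses http://, so generated links are cleartext URLs")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "OK")
```

`force_ssl` only redirects requests to HTTPS, so the web server itself must already have a working TLS listener and certificate.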

See Also

http://www.joomla.org

Plugin Details

Severity: High

ID: 9152

Family: CGI

Published: 3/23/2016

Updated: 5/18/2018