Sambar Server Cleartext Password Transmission

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server allows credentials to be transmitted in

Description :

The remote Sambar server allows users to log in without using SSL. A
man-in-the-middle attacker can exploit this to capture the passwords
of the users of this server. The attacker can then use these to access
the web mail accounts and modify the web pages on behalf of the users
of the system.

Solution :

Use Sambar on top of SSL.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 11585 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now