FileMaker Pro Client Request User Passwords Remote Disclosure

high Nessus Plugin ID 11586

Synopsis

The remote service has an information disclosure vulnerability.

Description

The remote host is running a FileMaker Pro server.

There is a flaw in the design of the FileMaker Pro server that causes database authentication to be performed on the client side.
A remote attacker could exploit this flaw to gain access to databases by connecting to this port with a rogue client.

Solution

Upgrade to the latest version of FileMaker Pro.

See Also

https://seclists.org/bugtraq/2003/Apr/171

https://support.filemaker.com/s/?language=en_US

Plugin Details

Severity: High

ID: 11586

File Name: filemakerpro_server.nasl

Version: 1.18

Type: remote

Family: Misc.

Published: 5/7/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7315