12Planet Chat Server Administration Authentication Cleartext Credential Disclosure

medium Nessus Plugin ID 11591

Synopsis

The remote web server contains a Java application that is affected by a credential disclosure vulnerability.

Description

The remote host is running 12Planet Chat Server, a web-based chat server written in Java. It is, therefore, affected by a credential disclosure vulnerability because connections to this server are made in cleartext. A man-in-the-middle attacker can exploit this vulnerability to obtain the administrator password of the website and use it to gain unauthorized access to this chat server.

Solution

When deploying production servers, add an HTTPS layer to the administration console.

See Also

http://www.nessus.org/u?9f7511d2

Plugin Details

Severity: Medium

ID: 11591

File Name: 12planet_chat_server_plaintext_password.nasl

Version: 1.24

Type: remote

Family: Web Servers

Published: 5/7/2003

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:12planet:chat_server

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/11/2003

Reference Information

BID: 7354