Detections
Analytics

IRCXPro Plaintext Passwords Local Disclosure

low Nessus Plugin ID 11696

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The remote web server is running IRCXPro.

This software stores the list of user names and passwords in plaintext in \Program Files\IRCXPro\Settings.ini.

An attacker with a full access to this host may use this flaw to gain the list of passwords of your users.

Solution

Upgrade to IRCXPro 1.1 or newer

See Also

https://seclists.org/fulldisclosure/2003/Jun/45

Plugin Details

Severity: Low

ID: 11696

File Name: ircxpro_cleartext_passwords.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 6/3/2003

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 6/3/2003

Reference Information

BID: 7792