Netscape Administration Server /admin-serv/config/admpw Admin Password Disclosure

Medium Nessus Plugin ID 10468


The remote service is vulnerable to an information disclosure flaw.


The file /admin-serv/config/admpw is readable.

This file contains the encrypted password for the Netscape administration server. Although it is encrypted, an attacker may attempt to crack it by brute force.


Remove read access permissions for this file and/or stop the Netscape administration server.

Plugin Details

Severity: Medium

ID: 10468

File Name: netscape_adminpw.nasl

Version: $Revision: 1.30 $

Type: remote

Family: Web Servers

Published: 2000/07/15

Modified: 2014/05/26

Dependencies: 11919, 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Required KB Items: www/netscape-commerce, www/netscape-fasttrack, www/iplanet, Settings/ParanoidReport

Vulnerability Publication Date: 2000/07/11

Reference Information

BID: 1579

OSVDB: 367