3com RAS 1500 Configuration Disclosure
Medium Nessus Plugin ID 11480
Synopsis
The remote host is susceptible to an information disclosure attack.
Description
The remote 3com SuperStack II Remote Access System 1500 discloses its user configuration (user_settings.cfg) when the file is requested through the web interface. The file is transmitted in cleartext and contains the password of the device as well as other sensitive information.
An attacker may use this flaw to gain control of this host.
Solution
Filter incoming traffic to this host.