Sambar Server Cleartext Password Transmission

Medium Nessus Plugin ID 11585


The remote web server allows credentials to be transmitted in cleartext.


The remote Sambar server allows users to log in without using SSL. A man-in-the-middle attacker can exploit this to capture the passwords of the users of this server. The attacker can then use these passwords to access the users' web mail accounts and modify web pages on behalf of the users of the system.


Use Sambar on top of SSL.

Plugin Details

Severity: Medium

ID: 11585

File Name: sambar_plaintext.nasl

Version: $Revision: 1.13 $

Type: remote

Family: Web Servers

Published: 2003/05/07

Modified: 2016/06/02

Dependencies: 10107, 17975

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/sambar

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

OSVDB: 137303