12Planet Chat Server Administration Authentication Cleartext Credential Disclosure

Medium Nessus Plugin ID 11591


The remote web server contains a Java application that is affected by a credential disclosure vulnerability.


The remote host is running 12Planet Chat Server, a web-based chat server written in Java. It is, therefore, affected by a credential disclosure vulnerability because connections to this server are made in cleartext. A man-in-the-middle attacker can exploit this vulnerability to obtain the administrator password of the website and use it to gain unauthorized access to this chat server.


Add an HTTPS layer to the administration console when deploying production servers.


Plugin Details

Severity: Medium

ID: 11591

File Name: 12planet_chat_server_plaintext_password.nasl

Version: $Revision: 1.21 $

Type: remote

Family: Web Servers

Published: 2003/05/07

Modified: 2016/01/05

Dependencies: 10107, 17975

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:12planet:chat_server

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/04/11

Reference Information

BID: 7354

OSVDB: 50429