12Planet Chat Server Administration Authentication Cleartext Credential Disclosure
Medium Nessus Plugin ID 11591
Synopsis
The remote web server contains a Java application that is affected by a credential disclosure vulnerability.

Description
The remote host is running 12Planet Chat Server, a web-based chat server written in Java. Connections to this server are made in cleartext, so it is affected by a credential disclosure vulnerability. A man-in-the-middle attacker can exploit this vulnerability to obtain the administrator password of the website and use it to gain unauthorized access to this chat server.

Solution
Add an HTTPS layer to the administration console when deploying production servers.