IRCXPro Plaintext Passwords Local Disclosure

Low Nessus Plugin ID 11696


The remote web server is affected by an information disclosure vulnerability.


The remote web server is running IRCXPro.

This software stores the list of user names and passwords in plaintext in \Program Files\IRCXPro\Settings.ini.

An attacker with a full access to this host may use this flaw to gain the list of passwords of your users.


Upgrade to IRCXPro 1.1 or newer

See Also

Plugin Details

Severity: Low

ID: 11696

File Name: ircxpro_cleartext_passwords.nasl

Version: $Revision: 1.15 $

Type: local

Agent: windows

Family: Windows

Published: 2003/06/03

Modified: 2015/06/23

Dependencies: 13855

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/06/03

Reference Information

BID: 7792

OSVDB: 4660