Cisco WebEx One-Click Password Disclosure

medium Nessus Plugin ID 69275

Synopsis

The remote host has software installed that stores credentials in an insecure fashion.

Description

The remote host has a version of Cisco WebEx One-Click installed that stores credentials in the registry using a key that can be easily derived.

Solution

Configure the software to not remember passwords.

See Also

http://www.nessus.org/u?4105fde6

https://github.com/OpenSecurityResearch/onedecrypt/

Plugin Details

Severity: Medium

ID: 69275

File Name: webex_oneclick_password_disclosure.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 8/8/2013

Updated: 6/12/2020

Dependencies: webex_oneclick_installed.nasl

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.9

Temporal Score: 4.7

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: E:F/RL:U/RC:ND

Vulnerability Information

CPE: x-cpe:/a:webex:oneclick

Required KB Items: SMB/WebEx_OneClick/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/9/2013

Reference Information

BID: 61304