Cisco WebEx One-Click Password Disclosure

Medium Nessus Plugin ID 69275

Synopsis

The remote host has software installed that stores credentials in an insecure fashion.

Description

The remote host has a version of Cisco WebEx One-Click installed that stores credentials in the registry using a key that can be easily derived.

Solution

Configure the software to not remember passwords.

See Also

http://www.nessus.org/u?4105fde6

https://github.com/OpenSecurityResearch/onedecrypt/

Plugin Details

Severity: Medium

ID: 69275

File Name: webex_oneclick_password_disclosure.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 2013/08/08

Modified: 2018/08/08

Dependencies: 69274

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.9

Temporal Score: 4.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

CPE: x-cpe:/a:webex:oneclick

Required KB Items: SMB/WebEx_OneClick/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2013/07/09

Reference Information

BID: 61304