Cisco WebEx One-Click Password Disclosure

medium Nessus Plugin ID 69275

Synopsis

The remote host has software installed that stores credentials in an insecure fashion.

Description

The remote host has a version of Cisco WebEx One-Click installed that stores credentials in the registry using a key that can be easily derived.

Solution

Configure the software to not remember passwords.

See Also

http://www.nessus.org/u?4105fde6

https://github.com/OpenSecurityResearch/onedecrypt/

Plugin Details

Severity: Medium

ID: 69275

File Name: webex_oneclick_password_disclosure.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 8/8/2013

Updated: 6/12/2020

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: x-cpe:/a:webex:oneclick

Required KB Items: SMB/WebEx_OneClick/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/9/2013

Reference Information

BID: 61304