WebServer 4D < 3.6 Ws4d.4DD Cleartext Password Storage

Low Nessus Network Monitor Plugin ID 1450

Synopsis

The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files.

Description

The remote web server (WebServer 4D) is known to store the usernames and passwords of HTTP users in cleartext on the remote drive. A local attacker may use this flaw to steal the credentials of other users and reuse their passwords

Solution

None

See Also

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0128.html

Plugin Details

Severity: Low

ID: 1450

Family: Web Servers

Published: 2004/08/20

Modified: 2016/02/05

Dependencies: 1442

Nessus ID: 11151

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 2.1

Temporal Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 3.9

Temporal Score: 3.9

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Reference Information

CVE: CVE-2002-1521

BID: 5803