Lucene search

[email protected]CVE-2001-1463

HistoryNov 19, 2001 - 5:00 a.m.

CVE-2001-1463

2001-11-1905:00:00

CWE-310

[email protected]

web.nvd.nist.gov

rhinosoft serv-u

plaintext password

cve-2001-1463

remote attack

password sniffing

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.8%

JSON

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.

CPENameOperatorVersion
solarwinds:serv-u_file_serversolarwinds serv-u file servereq3.0.0.16
solarwinds:serv-u_file_serversolarwinds serv-u file servereq3.0.0.17

CPE	Name	Operator	Version
solarwinds:serv-u_file_server	solarwinds serv-u file server	eq	3.0.0.16
solarwinds:serv-u_file_server	solarwinds serv-u file server	eq	3.0.0.17

References

securitytracker.com/id?1002882

www.kb.cert.org/vuls/id/279763

exchange.xforce.ibmcloud.com/vulnerabilities/7925

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.8%

JSON