Lucene search
K

Web Server Transmits Cleartext Credentials

🗓️ 28 Sep 2007 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2461 Views

Web Server Transmits Cleartext Credentials. Remote web server contains HTML form fields transmitting credentials in cleartex

Code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(26194);
 script_version("$Revision: 1.17 $");
 script_cvs_date("$Date: 2016/11/29 20:13:38 $");

 script_name(english:"Web Server Transmits Cleartext Credentials");
 script_summary(english:"Uses the results of webmirror.nasl");
 
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server might transmit credentials in cleartext.");
 script_set_attribute(attribute:"description", value:
"The remote web server contains several HTML form fields containing
an input of type 'password' which transmit their information to
a remote web server in cleartext.

An attacker eavesdropping the traffic between web browser and 
server may obtain logins and passwords of valid users.");
 script_set_attribute(attribute:"solution", value:
"Make sure that every sensitive form transmits content over HTTPS.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
 script_cwe_id(
   522,	# Insufficiently Protected Credentials
   523,	# Unprotected Transport of Credentials
   718,	# OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management	
   724,	# OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
   928, # Weaknesses in OWASP Top Ten 2013
   930  # OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management
 );

 script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/28");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO); 
 
 script_copyright(english:"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.");
 script_family(english:"Web Servers");

 script_dependencie("webmirror.nasl");
 script_require_ports("Services/www",80);
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80, embedded: 1);

kb = get_kb_item_or_exit("www/" + port + "/ClearTextPasswordForms");
if ( kb )
{
  if (report_verbosity > 0)
  {
    if ( get_kb_item("Settings/PCI_DSS") ) set_kb_item(name:"PCI/ClearTextCreds/" + port, value:kb);
    security_note(port:port, extra:kb);
  }
  else
  {
    if ( get_kb_item("Settings/PCI_DSS") ) set_kb_item(name:"PCI/ClearTextCreds/" + port, 
						value:"The remote web server might transmit credentials in cleartext.");
    security_note(port);
  }
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation