Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1463

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1463
Last Modified 28 Apr 2010 12:00:00
Published 19 Nov 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1463

Summary

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.

Vulnerable Systems

Application

  • Serv-u 3.0.0.16

  • Serv-u 3.0.0.17


References

CERT-VN - VU#279763

XF - servu-ftp-plaintext-password(7925)

SECTRACK - 1002882


Last Updated: 27 May 2016 10:36:40