Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1481

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2001-1481
Last Modified 05 Sep 2008 04:26:40
Published 31 Dec 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1481

Summary

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

Vulnerable Systems

Application

  • Imatix Xitami 2.4

  • Imatix Xitami 2.5

  • Imatix Xitami 2.5 B4


References

XF - xitami-default-password-plaintext(7600)

BID - 3582

MISC - http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html

BUGTRAQ - 20011126 Xitami Webserver stores admin password in clear text.


Last Updated: 27 May 2016 10:36:41