Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0 (CVSS v2 base)
CVE Id CVE-2011-4749
Last Modified 17 Jan 2012 11:16:15
Published 16 Dec 2011 06:55:10
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4749

Summary

The billing system in Parallels Plesk Panel 10.3.1_build1013110726.09 renders password form fields without disabling browser autocomplete (no autocomplete="off" on the field or its enclosing form). A browser that has saved the credential fills it in automatically, so anyone with access to an unattended, logged-in workstation can submit the form without knowing the password, as demonstrated by forms on certain pages under admin/index.php/default. Exploitation requires that a browser on that workstation has already stored the credential and that the attacker can interact with the workstation; the CVSS metrics above are those assigned in the published record.
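The check below is an added example, not part of this record or of Plesk's own code. It scans HTML for password inputs whose effective autocomplete setting still permits browser autofill, honouring the rule that a field's own attribute overrides the enclosing form's. The two form snippets are constructed to resemble the weak form the advisory describes and its hardened counterpart; the real Plesk markup is not reproduced here, and the field name "password" and the action path are assumptions.

```python
"""Audit HTML for password fields that browsers may autofill.

Added example (not from the advisory or from Plesk). Sample markup is constructed.
"""
from html.parser import HTMLParser


class PasswordFieldAuditor(HTMLParser):
    """Collects every <input type="password"> whose autocomplete is not disabled."""

    def __init__(self):
        super().__init__()
        self._form_autocomplete = None  # autocomplete value of the enclosing <form>, if any
        self.findings = []              # names/ids of autofillable password fields

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._form_autocomplete = a.get("autocomplete", "").lower()
            return
        if tag != "input" or a.get("type", "").lower() != "password":
            return
        field_ac = a.get("autocomplete", "").lower()
        # The field's own attribute wins; otherwise the form's value applies;
        # with neither set, browsers default to "on".
        effective = field_ac or self._form_autocomplete or "on"
        if effective not in ("off", "new-password"):
            self.findings.append(a.get("name") or a.get("id") or "<unnamed>")

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_autocomplete = None


def find_autofillable_password_fields(html: str) -> list:
    """Return the names of password fields that a browser is allowed to autofill."""
    auditor = PasswordFieldAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample resembling the weak form described in the advisory
# (field name and action path are assumptions, not Plesk's real markup).
VULNERABLE_FORM = """
<form method="post" action="/admin/index.php/default">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Save">
</form>
"""

# The same form with autofill disabled on both the form and the sensitive field.
HARDENED_FORM = """
<form method="post" action="/admin/index.php/default" autocomplete="off">
  <input type="text" name="username">
  <input type="password" name="password" autocomplete="off">
  <input type="submit" value="Save">
</form>
"""

if __name__ == "__main__":
    print("vulnerable:", find_autofillable_password_fields(VULNERABLE_FORM))  # ['password']
    print("hardened:  ", find_autofillable_password_fields(HARDENED_FORM))    # []
```

Run this over saved copies of the pages under admin/index.php/default to confirm the fix; it reports the `password` field for the weak form and nothing for the hardened one. One caveat for current deployments: modern browsers ignore autocomplete="off" on credential fields of ordinary login forms and still offer to save and fill passwords, so the attribute is only a partial control and does not replace locking unattended workstations and short panel session timeouts.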

Vulnerable Systems

Application

  • Parallels Plesk Panel 10.3.1 Build1013110726.09


References

MISC - http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

XF - plesk-billing-system-sec-bypass(72260)


Last Updated: 27 May 2016 10:57:56