exploitDog

CVE-2001-1463

Опубликовано: 19 нояб. 2001

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.

Ссылки

http://securitytracker.com/id?1002882
Exploit
http://www.kb.cert.org/vuls/id/279763
Exploit
US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/7925
http://securitytracker.com/id?1002882
Exploit
http://www.kb.cert.org/vuls/id/279763
Exploit
US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/7925

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:solarwinds:serv-u_file_server:3.0.0.17:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01063

Низкий

7.5 High

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-286j-4758-jr9w

github

больше 3 лет назад

The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.

EPSS

Процентиль: 77%

0.01063

Низкий

7.5 High

CVSS2

Дефекты

CWE-310