Interscan VirusWall Web Administration Vulnerability Exposes Passwords
CVE-2001-0133

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Interscan Viruswall
Vendor: CVE Published:; 12 March 2001

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2001-0133?

The web administration interface of Interscan VirusWall versions 3.6.x and earlier lacks proper encryption mechanisms. This security gap can enable remote attackers to intercept and obtain the administrator password via unprotected HTTP requests, including setpasswd.cgi commands. The absence of encryption means that sensitive credentials transmitted in base64 format can be easily sniffed by malicious actors, posing a significant risk to system security.

References

http://archives.neohapsis.com/archives/bugtraq/2001-01/02...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/2212

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2001
Vulnerability Reserved
Feb 6, 2001