Plaintext Password Transmission in RhinoSoft Serv-U Remote Administration Client
CVE-2001-1463

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Serv-u File Server
Vendor: CVE Published:; 19 November 2001

Summary

The remote administration client for RhinoSoft Serv-U 3.0 is susceptible to a security issue where user passwords are transmitted in plaintext, even when the S/KEY One-Time Password (OTP) authentication method is enabled. This vulnerability could allow remote attackers to intercept and capture user credentials during transmission, making it critical for users to ensure that secure password transmission practices are implemented to safeguard sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7925

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/279763

third-party-advisoryx_refsource_CERT-VN

http://securitytracker.com/id?1002882

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability Reserved
Apr 21, 2005
Vulnerability published
Nov 19, 2001