Cleartext Password Vulnerability in SmarterStats by SmarterTools
CVE-2011-2151

Currently unrated

Key Information:

Vendor: Smartertools
Status: Smarterstats
Vendor: CVE Published:; 20 May 2011

What is CVE-2011-2151?

Several components of SmarterTools SmarterStats 6.0, specifically Admin/frmEmailReportSettings.aspx, Admin/frmGeneralSettings.aspx, Admin/frmSite.aspx, Client/frmUser.aspx, and Login.aspx, are vulnerable due to the acceptance of cleartext passwords. This oversight allows remote attackers to easily intercept sensitive information by sniffing the network, thereby compromising user credentials and potentially leading to further exploitation of the system.

References

http://xss.cx/examples/smarterstats-60-oscommandinjection...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/67831

vdb-entryx_refsource_XF

http://xss.cx/examples/exploits/stored-reflected-xss-cwe7...

x_refsource_MISC

Timeline

Vulnerability published
May 20, 2011
Vulnerability Reserved
May 20, 2011

Smartertools

What is CVE-2011-2151?

References

Timeline